CVE-2006-0301
libextractor - several
EPSS 3.1%
Description
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
How to fix CVE-2006-0301
To remediate CVE-2006-0301, upgrade each affected package to the fixed version listed below.
- Debian/gpdf—upgrade to 2.8.2-1.2sarge3 or later
- Debian/libextractor—upgrade to 0.5.10-1 or later
- —upgrade to 0.4.2-2sarge3 or later
- —upgrade to 0.8-2sarge2 or later
- —upgrade to 0.4.5-1 or later
- —upgrade to 3.01-6 or later
- —upgrade to 3.00-13.5 or later
Is CVE-2006-0301 being exploited?
Low — EPSS is 3.1%, meaning exploitation activity has not been observed at scale.
Affected packages (7)
- from 0, < 2.8.2-1.2sarge3
- from 0, < 0.5.10-1
- from 0, < 0.4.2-2sarge3
- from 0, < 0.8-2sarge2
- from 0, < 0.4.5-1
- from 0, < 3.01-6
- from 0, < 3.00-13.5