CVE-2006-0301

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

公開: 2006-01-30 最終更新: 2026-06-16 Assigner: [email protected] ソース: [email protected]

総合評価: CVE-2006-0301 は中リスク(62.8/100)。CVSS 深刻度は高。悪用される可能性が高い(EPSS 4.40%、90 パーセンタイル) 根拠: EPSS 上、短期間での悪用可能性は高い水準です。 直近 1 日で EPSS が +1.32% 上昇。悪用への関心が高まっている可能性があります。 推奨対応: 悪用可能性が高いため、影響範囲の確認と修補の優先付けを推奨します。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2006-0301 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-15 3.08% 4.40% +1.32%
2 2025-03-30 7.79% 3.08% -4.71%
3 2025-03-29 7.79%

EPSS の全履歴 (全 8 件)

CVE-2006-0301 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

ベーススコア バージョン 深刻度 ベクトル 悪用しやすさ 影響 スコアの出典
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P クリックして展開
アクセス経路 (AV:N)
ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L)
手順が短く、再現性が高い。
認証 (AU:N)
認証を経ずに攻撃を完結できる。
機密性への影響 (C:P)
機密性は部分的に損なわれる。
完全性への影響 (I:P)
完全性は部分的に損なわれる。
可用性への影響 (A:P)
可用性は部分的に損なわれる。
10.0 6.4 [email protected]

CVE-2006-0301 の弱点分類(列挙)

CVE-2006-0301 の OS トラッカー

vendor priority summary link
debian medium CVE-2006-0301 medium priority: Debian including 3 source packages (libextractor, poppler, xpdf), 15 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 15. https://security-tracker.debian.org/tracker/CVE-2006-0301
gentoo normal CVE-2006-0301: 3 GLSA(s) (200602-04, 200602-05, 200602-12), 5 atom(s) (app-text/gpdf, app-text/poppler, app-text/xpdf, kde-base/kdegraphics, kde-base/kpdf); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2006-0301
redhat high https://access.redhat.com/security/cve/CVE-2006-0301
suse high CVE-2006-0301 severity important: SUSE including 18 source package names (libpoppler-cpp0-21.08.0-1.3, libpoppler-cpp0-32bit-21.08.0-1.3, …), 18 product×package rows across 2 product lines (SUSE Linux Enterprise Server 16.0, openSUSE Tumbleweed): Fixed 18. https://www.suse.com/security/cve/CVE-2006-0301/
ubuntu medium CVE-2006-0301 medium priority: Ubuntu including 6 source packages (gpdf, kdegraphics, libextractor, pdftohtml, poppler, xpdf), 24 status rows across 4 suites (dapper, edgy, feisty, upstream): released 13, needs-triage 6, not-affected 3, DNE 1, ignored 1. https://ubuntu.com/security/CVE-2006-0301

CVE-2006-0301 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
xpdf xpdf cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*

CVE-2006-0301 の参考情報

URL タグ
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0206.html Patch Vendor Advisory
http://secunia.com/advisories/18274 Vendor Advisory
http://secunia.com/advisories/18677 Patch Vendor Advisory
http://secunia.com/advisories/18707 Patch Vendor Advisory
http://secunia.com/advisories/18825 Patch Vendor Advisory
http://secunia.com/advisories/18826 Patch Vendor Advisory
http://secunia.com/advisories/18834 Patch Vendor Advisory
http://secunia.com/advisories/18837 Patch Vendor Advisory
http://secunia.com/advisories/18838 Patch Vendor Advisory
http://secunia.com/advisories/18839 Patch Vendor Advisory
http://secunia.com/advisories/18860 Patch Vendor Advisory
http://secunia.com/advisories/18862 Patch Vendor Advisory
http://secunia.com/advisories/18864 Patch Vendor Advisory
http://secunia.com/advisories/18875 Vendor Advisory
http://secunia.com/advisories/18882 Patch Vendor Advisory
http://secunia.com/advisories/18908 Patch Vendor Advisory
http://secunia.com/advisories/18913 Patch Vendor Advisory
http://secunia.com/advisories/18983 Patch Vendor Advisory
http://secunia.com/advisories/19377 Patch Vendor Advisory
http://securityreason.com/securityalert/470
http://securitytracker.com/id?1015576 Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683 Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747 Patch
http://www.debian.org/security/2006/dsa-971 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-972 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-974 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml Patch Vendor Advisory
http://www.kde.org/info/security/advisory-20060202-1.txt Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0201.html Patch Vendor Advisory
http://www.securityfocus.com/archive/1/423899/100/0/threaded Patch Vendor Advisory
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.ubuntu.com/usn/usn-249-1 Patch
http://www.vupen.com/english/advisories/2006/0389 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0422 Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=141242
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850
cvelogic Threat Intelligence