| Name | CVE-2006-1244 |
| Description | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1019-1, DSA-982-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| xpdf (PTS) | bullseye | 3.04+git20210103-3 | fixed |
| bookworm | 3.04+git20220601-1 | fixed | |
| sid, trixie | 3.04+git20240613-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gpdf | source | sarge | 2.8.2-1.2sarge4 | DSA-982-1 | ||
| gpdf | source | (unstable) | 2.10.0-3 | |||
| koffice | source | sarge | 1.3.5-4.sarge.3 | DSA-1019-1 | ||
| koffice | source | (unstable) | 2.3.3-1 | |||
| xpdf | source | (unstable) | (not affected) |
- xpdf <not-affected> (All issues previously fixed)
Discussion has shown that the revamp patch doesn't fix new vulnerabilities
xpdf (and therewith the questionable code) is not part of koffice for some time now