CVE-2006-0301
CVSS 7.5
Published: 2006-01-30 17:03:00
Revised: 2011-03-07 00:00:00

[Original text] Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.


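[CNNVD] Xpdf "Splash.cc" Splash Image Processing Heap Overflow Vulnerability (CNNVD-200601-364)

        Xpdf is an open-source viewer for Portable Document Format (PDF) files.
        Xpdf has a vulnerability in its handling of malformed splash image files that an attacker may exploit to execute arbitrary commands on the user's machine. When Xpdf processes a malformed splash image, a heap overflow exists in the related "splash/Splash.cc" code, which may produce values that exceed the "width" or "height" of the associated bitmap. A remote attacker can trick a user into opening a malicious document, leading to arbitrary code execution.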

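- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]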

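- CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available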

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10850: Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framew...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0301
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-364
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/24391
(PATCH)  XF  xpdf-splash-bo(24391)
http://www.ubuntu.com/usn/usn-249-1
(PATCH)  UBUNTU  USN-249-1
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
(VENDOR_ADVISORY)  FEDORA  FLSA:175404
http://www.securityfocus.com/archive/1/423899/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow
http://www.redhat.com/support/errata/RHSA-2006-0201.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0201
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
(VENDOR_ADVISORY)  FEDORA  FEDORA-2006-103
http://www.kde.org/info/security/advisory-20060202-1.txt
(VENDOR_ADVISORY)  MISC  http://www.kde.org/info/security/advisory-20060202-1.txt
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200602-12
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200602-05
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200602-04
http://www.debian.org/security/2006/dsa-974
(VENDOR_ADVISORY)  DEBIAN  DSA-974
http://www.debian.org/security/2006/dsa-972
(VENDOR_ADVISORY)  DEBIAN  DSA-972
http://www.debian.org/security/2006/dsa-971
(VENDOR_ADVISORY)  DEBIAN  DSA-971
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
(PATCH)  SLACKWARE  SSA:2006-045-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
(PATCH)  SLACKWARE  SSA:2006-045-09
http://securitytracker.com/id?1015576
(PATCH)  SECTRACK  1015576
http://secunia.com/advisories/19377
(VENDOR_ADVISORY)  SECUNIA  19377
http://secunia.com/advisories/18983
(VENDOR_ADVISORY)  SECUNIA  18983
http://secunia.com/advisories/18913
(VENDOR_ADVISORY)  SECUNIA  18913
http://secunia.com/advisories/18908
(VENDOR_ADVISORY)  SECUNIA  18908
http://secunia.com/advisories/18882
(VENDOR_ADVISORY)  SECUNIA  18882
http://secunia.com/advisories/18864
(VENDOR_ADVISORY)  SECUNIA  18864
http://secunia.com/advisories/18862
(VENDOR_ADVISORY)  SECUNIA  18862
http://secunia.com/advisories/18860
(VENDOR_ADVISORY)  SECUNIA  18860
http://secunia.com/advisories/18839
(VENDOR_ADVISORY)  SECUNIA  18839
http://secunia.com/advisories/18838
(VENDOR_ADVISORY)  SECUNIA  18838
http://secunia.com/advisories/18837
(VENDOR_ADVISORY)  SECUNIA  18837
http://secunia.com/advisories/18834
(VENDOR_ADVISORY)  SECUNIA  18834
http://secunia.com/advisories/18826
(VENDOR_ADVISORY)  SECUNIA  18826
http://secunia.com/advisories/18825
(VENDOR_ADVISORY)  SECUNIA  18825
http://secunia.com/advisories/18707
(VENDOR_ADVISORY)  SECUNIA  18707
http://secunia.com/advisories/18677
(VENDOR_ADVISORY)  SECUNIA  18677
http://rhn.redhat.com/errata/RHSA-2006-0206.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0206
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
(VENDOR_ADVISORY)  SCO  SCOSA-2006.15
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
(UNKNOWN)  MISC  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://bugzilla.novell.com/show_bug.cgi?id=141242
(UNKNOWN)  CONFIRM  https://bugzilla.novell.com/show_bug.cgi?id=141242
http://www.vupen.com/english/advisories/2006/0422
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0422
http://www.vupen.com/english/advisories/2006/0389
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0389
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
(UNKNOWN)  MANDRIVA  MDKSA-2006:032
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
(UNKNOWN)  MANDRIVA  MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
(UNKNOWN)  MANDRIVA  MDKSA-2006:030
http://securityreason.com/securityalert/470
(UNKNOWN)  SREASON  470
http://secunia.com/advisories/18875
(VENDOR_ADVISORY)  SECUNIA  18875
http://secunia.com/advisories/18274
(VENDOR_ADVISORY)  SECUNIA  18274

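- Vulnerability Information

Xpdf "Splash.cc" Splash Image Processing Heap Overflow Vulnerability
High risk  Buffer overflow
2006-01-30 00:00:00 2007-02-07 00:00:00
Remote
        Xpdf is an open-source viewer for Portable Document Format (PDF) files.
        Xpdf has a vulnerability in its handling of malformed splash image files that an attacker may exploit to execute arbitrary commands on the user's machine. When Xpdf processes a malformed splash image, a heap overflow exists in the related "splash/Splash.cc" code, which may produce values that exceed the "width" or "height" of the associated bitmap. A remote attacker can trick a user into opening a malicious document, leading to arbitrary code execution.

- Advisories and Patches

        No data available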

- Vulnerability Information (F43582)

KDE Security Advisory 2006-02-02.1 (PacketStormID:F43582)
2006-02-04 00:00:00
KDE Desktop  kde.org
advisory,overflow,arbitrary
CVE-2006-0301

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

KDE Security Advisory: kpdf/xpdf heap based buffer overflow
Original Release Date: 2006-02-02
URL: http://www.kde.org/info/security/advisory-20060202-1.txt

0. References
        CVE-2006-0301


1. Systems affected:

        KDE 3.4.0 up to and including KDE 3.5.1


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        a heap based buffer overflow in the splash rasterizer engine
        that can crash kpdf or even execute arbitrary code.


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.4.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        bc7dc2a5235f95a41fc1d7ab885899da  post-3.5.1-kdegraphics-CVE-2006-0301.diff

        Patch for KDE 3.4.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        ebbce0a49537b694932b3c0efcf18261  post-3.4.3-kdegraphics-CVE-2006-0301.diff


    

- Vulnerability Information

22833
Multiple Products Xpdf/kpdf Splash Image Dimension Field Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

- Timeline

2006-02-01 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete