7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.8%
CentOS Errata and Security Advisory CESA-2006:0201
The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.
A heap based buffer overflow bug was discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.
Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.
Red Hat would like to thank Dirk Mueller for reporting this issue and
providing a patch.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-February/074799.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074807.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074809.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074813.html
https://lists.centos.org/pipermail/centos-announce/2006-February/074817.html
https://lists.centos.org/pipermail/centos-announce/2006-February/087553.html
Affected packages:
xpdf
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0201
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | x86_64 | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.x86_64.rpm |
CentOS | 4 | i386 | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.i386.rpm |
CentOS | 4 | x86_64 | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.x86_64.rpm |
CentOS | 4 | ia64 | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.ia64.rpm |
CentOS | 4 | alpha | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.alpha.rpm |
CentOS | 4 | s390 | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.s390.rpm |
CentOS | 4 | s390x | xpdf | < 3.00-11.12 | xpdf-3.00-11.12.s390x.rpm |