CVE-2006-0301

Name: CVE-2006-0301
Creator: NVD / NIST
Published: 2006-01-30T22:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.40%

Last modified Jun 16, 2026

CVE-2006-0301 is a vulnerability of currently unknown severity. Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.. EPSS estimates a 4.40% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Metrics

EPSS Probability

4.40%

90.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Xpdf	Xpdf	All versions

References

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txtPatch, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0206.htmlPatch, Vendor Advisory
http://secunia.com/advisories/18274Vendor Advisory
http://secunia.com/advisories/18677Patch, Vendor Advisory
http://secunia.com/advisories/18707Patch, Vendor Advisory
http://secunia.com/advisories/18825Patch, Vendor Advisory
http://secunia.com/advisories/18826Patch, Vendor Advisory
http://secunia.com/advisories/18834Patch, Vendor Advisory
http://secunia.com/advisories/18837Patch, Vendor Advisory
http://secunia.com/advisories/18838Patch, Vendor Advisory
http://secunia.com/advisories/18839Patch, Vendor Advisory
http://secunia.com/advisories/18860Patch, Vendor Advisory
http://secunia.com/advisories/18862Patch, Vendor Advisory
http://secunia.com/advisories/18864Patch, Vendor Advisory
http://secunia.com/advisories/18875Vendor Advisory
http://secunia.com/advisories/18882Patch, Vendor Advisory
http://secunia.com/advisories/18908Patch, Vendor Advisory
http://secunia.com/advisories/18913Patch, Vendor Advisory
http://secunia.com/advisories/18983Patch, Vendor Advisory
http://secunia.com/advisories/19377Patch, Vendor Advisory
http://securityreason.com/securityalert/470
http://securitytracker.com/id?1015576Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747Patch
http://www.debian.org/security/2006/dsa-971Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-972Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-974Patch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xmlPatch, Vendor Advisory
http://www.kde.org/info/security/advisory-20060202-1.txtPatch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0201.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/423899/100/0/threadedPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.ubuntu.com/usn/usn-249-1Patch
http://www.vupen.com/english/advisories/2006/0389Vendor Advisory
http://www.vupen.com/english/advisories/2006/0422Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=141242
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txtPatch, Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0206.htmlPatch, Vendor Advisory
http://secunia.com/advisories/18274Vendor Advisory
http://secunia.com/advisories/18677Patch, Vendor Advisory
http://secunia.com/advisories/18707Patch, Vendor Advisory
http://secunia.com/advisories/18825Patch, Vendor Advisory
http://secunia.com/advisories/18826Patch, Vendor Advisory
http://secunia.com/advisories/18834Patch, Vendor Advisory
http://secunia.com/advisories/18837Patch, Vendor Advisory
http://secunia.com/advisories/18838Patch, Vendor Advisory
http://secunia.com/advisories/18839Patch, Vendor Advisory
http://secunia.com/advisories/18860Patch, Vendor Advisory
http://secunia.com/advisories/18862Patch, Vendor Advisory
http://secunia.com/advisories/18864Patch, Vendor Advisory
http://secunia.com/advisories/18875Vendor Advisory
http://secunia.com/advisories/18882Patch, Vendor Advisory
http://secunia.com/advisories/18908Patch, Vendor Advisory
http://secunia.com/advisories/18913Patch, Vendor Advisory
http://secunia.com/advisories/18983Patch, Vendor Advisory
http://secunia.com/advisories/19377Patch, Vendor Advisory
http://securityreason.com/securityalert/470
http://securitytracker.com/id?1015576Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683Patch
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747Patch
http://www.debian.org/security/2006/dsa-971Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-972Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-974Patch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-04.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-05.xmlPatch, Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-12.xmlPatch, Vendor Advisory
http://www.kde.org/info/security/advisory-20060202-1.txtPatch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:030
http://www.mandriva.com/security/advisories?name=MDKSA-2006:031
http://www.mandriva.com/security/advisories?name=MDKSA-2006:032
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.htmlPatch, Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0201.htmlPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/423899/100/0/threadedPatch, Vendor Advisory
http://www.securityfocus.com/archive/1/427990/100/0/threaded
http://www.ubuntu.com/usn/usn-249-1Patch
http://www.vupen.com/english/advisories/2006/0389Vendor Advisory
http://www.vupen.com/english/advisories/2006/0422Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=141242
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179046
https://exchange.xforce.ibmcloud.com/vulnerabilities/24391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10850

Timeline

Published: Jan 30, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-0301?

How severe is CVE-2006-0301?

Severity scoring for CVE-2006-0301 is pending analysis. The EPSS model estimates a 4.40% probability of exploitation in the next 30 days.

How do I fix CVE-2006-0301?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-0301?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST