CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Published: Mar 15, 2006
Updated: Nov 9, 2025
CVE: CVE-2006-1244
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
xpdf / xpdf	2.0	2.0.x
libextractor / libextractor	0.3.11	0.3.11.x
xpdf / xpdf	3.0_pl3	3.0_pl3.x
xpdf / xpdf	1.0	1.0.x
libextractor / libextractor	0.4.1	0.4.1.x
libextractor / libextractor	0.4.2	0.4.2.x
xpdf / xpdf	3.0.1_pl1	3.0.1_pl1.x
xpdf / xpdf	0.91	0.91.x
libextractor / libextractor	0.4	0.4.x
libextractor / libextractor	0.3.8	0.3.8.x
xpdf / xpdf	2.3	2.3.x
xpdf / xpdf	0.92	0.92.x
xpdf / xpdf	3.0.1	3.0.1.x
gnome / gpdf	2.8.2	2.8.2.x
xpdf / xpdf	1.0a	1.0a.x
libextractor / libextractor	0.3.9	0.3.9.x
xpdf / xpdf	2.2	2.2.x
xpdf / xpdf	3.0_pl2	3.0_pl2.x
xpdf / xpdf	2.1	2.1.x
xpdf / xpdf	0.90	0.90.x
xpdf / xpdf	3.0	3.0.x
libextractor / libextractor	0.5	0.5.x
xpdf / xpdf	0.93	0.93.x
libextractor / libextractor	0.3.7	0.3.7.x
libextractor / libextractor	0.3.6	0.3.6.x
xpdf / xpdf	1.1	1.1.x
debian / debian_linux	3.1	3.1.x

Vulnerability Database

300,444

CVE-2006-1244

Deep Security Visibility Without the Complexity