PT-2006-1010 · Debian+3 · Pdfkit.Framework+5

Dirk Mueller +1 · Published 2006-01-30 · Updated 2024-06-15 · CVE-2006-0301

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: pdfkit.framework versions prior to the fixed version; kdegraphics versions prior to 3.4.3-r4
Description: The issue involves multiple vulnerabilities in the pdfkit.framework package of Debian GNU/Linux and kdegraphics package of Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in Splash.cc, as used in xpdf and other products including pdfkit.framework and kdegraphics, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images.
Recommendations: For pdfkit.framework, update to a version that contains a fix for this issue. For kdegraphics versions prior to 3.4.3-r4, update to version 3.4.3-r4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable pdfkit.framework and kdegraphics packages until a patch is available.

Fix

DoS

Buffer Overflow

Related Identifiers

BDU:2015-02546
BDU:2015-09498
CVE-2006-0301
DSA-1019-1
DSA-971-1
DSA-972-1
DSA-974-1
DSA-979-1
DSA-982-1
DSA-983-1
DSA-984-1
DSA-998-1
OPENSUSE-SU-2024:11181-1
RHSA-2006:0201
RHSA-2006:0206
RHSA-2006_0201
RHSA-2006_0206

Affected Products

Debian
Gentoo Linux
Red Hat
Kdegraphics
Pdfkit.Framework
Xpdf