CVE-2006-6146 - OpenCVE

Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Takeshi Kanno	Haru Free Pdf Library

Configuration 1 [-]

OR	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.1:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.2:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.3:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.4:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.5:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.6:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.7:::::::*

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=465886	Patch
http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129	Patch
http://www.securityfocus.com/bid/21259	Patch
http://www.vupen.com/english/advisories/2006/4675

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-28T23:00:00

Updated: 2009-02-26T10:00:00

Reserved: 2006-11-28T00:00:00

Link: CVE-2006-6146

JSON object: View

NVD Information

Status : Modified

Published: 2006-11-28T23:28:00.000

Modified: 2011-03-08T02:45:18.737

Link: CVE-2006-6146

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21259", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21259"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"name": "ADV-2006-4675", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4675"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6146", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21259"}, {"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"name": "ADV-2006-4675", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4675"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=465886", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6146", "datePublished": "2006-11-28T23:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2009-02-26T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFF3BB92-218B-4F05-A58A-C4873B675E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "650CE745-75DA-49A5-AD26-E8A5C27D2284", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF02B8E6-5D2C-42DD-B0DA-51617CDAE7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F61B8EB-37BF-4E45-903C-C25DD1100FAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C1974B3-3902-4C53-B6EF-D85B8BC815C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "419260A7-5934-4FF1-9A60-6B7FEDEE8D3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1052571-E29C-482F-8512-7F7A448A7274", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02D21F87-42A4-45AF-9A39-9A59631F8824", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n HPDF_Page_Circle en hpdf_page_operator.c en Takeshi Kanno Haru Free PDF Library (libharu2, tambi\u00e9n conocida como libharu) 2.0.7 y anteriores permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante ciertos argumentos que producen una gran cantidad de informaci\u00f3n PDF, como ha sido demostrado por un c\u00edrculo relleno."}], "id": "CVE-2006-6146", "lastModified": "2011-03-08T02:45:18.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-11-28T23:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21259"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4675"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}