CVE-2006-6146 - OpenCVE

Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Takeshi Kanno	Haru Free Pdf Library

Configuration 1 [-]

OR	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.1:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.2:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.3:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.4:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.5:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.6:::::::*
	cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.7:::::::*

No data.

References

Link	Providers
http://sourceforge.net/project/shownotes.php?release_id=465886
http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129
http://www.securityfocus.com/bid/21259
http://www.vupen.com/english/advisories/2006/4675

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-28T23:00:00

Updated: 2024-08-07T20:19:34.441Z

Reserved: 2006-11-28T00:00:00

Link: CVE-2006-6146

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-28T23:28:00.000

Modified: 2011-03-08T02:45:18.737

Link: CVE-2006-6146

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21259", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21259"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"name": "ADV-2006-4675", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4675"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6146", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21259"}, {"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"name": "ADV-2006-4675", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4675"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=465886", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:34.441Z"}, "title": "CVE Program Container", "references": [{"name": "21259", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21259"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"name": "ADV-2006-4675", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4675"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6146", "datePublished": "2006-11-28T23:00:00", "dateReserved": "2006-11-28T00:00:00", "dateUpdated": "2024-08-07T20:19:34.441Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFF3BB92-218B-4F05-A58A-C4873B675E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "650CE745-75DA-49A5-AD26-E8A5C27D2284", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF02B8E6-5D2C-42DD-B0DA-51617CDAE7C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F61B8EB-37BF-4E45-903C-C25DD1100FAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C1974B3-3902-4C53-B6EF-D85B8BC815C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "419260A7-5934-4FF1-9A60-6B7FEDEE8D3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A1052571-E29C-482F-8512-7F7A448A7274", "vulnerable": true}, {"criteria": "cpe:2.3:a:takeshi_kanno:haru_free_pdf_library:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02D21F87-42A4-45AF-9A39-9A59631F8824", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en la funci\u00f3n HPDF_Page_Circle en hpdf_page_operator.c en Takeshi Kanno Haru Free PDF Library (libharu2, tambi\u00e9n conocida como libharu) 2.0.7 y anteriores permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante ciertos argumentos que producen una gran cantidad de informaci\u00f3n PDF, como ha sido demostrado por un c\u00edrculo relleno."}], "id": "CVE-2006-6146", "lastModified": "2011-03-08T02:45:18.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-11-28T23:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?release_id=465886"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1597538&group_id=83044&atid=568129"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21259"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4675"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}