Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
46 vulnerabilities found for htmldoc by htmldoc_project
CVE-2024-46478 (GCVE-0-2024-46478)
Vulnerability from nvd – Published: 2024-10-24 00:00 – Updated: 2024-10-25 20:03
VLAI?
Summary
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:htmldoc_project:htmldoc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "htmldoc_project",
"versions": [
{
"status": "affected",
"version": "1.9.18"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46478",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:01:18.780208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:03:38.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:43:27.851Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/529"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46478",
"datePublished": "2024-10-24T00:00:00.000Z",
"dateReserved": "2024-09-11T00:00:00.000Z",
"dateUpdated": "2024-10-25T20:03:38.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45508 (GCVE-0-2024-45508)
Vulnerability from nvd – Published: 2024-09-01 00:00 – Updated: 2024-09-03 15:07
VLAI?
Summary
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:htmldoc:htmldoc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "htmldoc",
"versions": [
{
"lessThan": "1.9.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:06:38.413694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:07:42.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-01T21:18:30.799Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/528"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45508",
"datePublished": "2024-09-01T00:00:00.000Z",
"dateReserved": "2024-09-01T00:00:00.000Z",
"dateUpdated": "2024-09-03T15:07:42.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34121 (GCVE-0-2021-34121)
Vulnerability from nvd – Published: 2023-07-18 00:00 – Updated: 2024-10-28 17:04
VLAI?
Summary
An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/433"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:04:27.494699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T17:04:36.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/433"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34121",
"datePublished": "2023-07-18T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-28T17:04:36.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34119 (GCVE-0-2021-34119)
Vulnerability from nvd – Published: 2023-07-18 00:00 – Updated: 2024-10-28 16:49
VLAI?
Summary
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/431"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:49:10.696500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:49:17.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/431"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34119",
"datePublished": "2023-07-18T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-28T16:49:17.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0137 (GCVE-0-2022-0137)
Vulnerability from nvd – Published: 2022-11-14 17:01 – Updated: 2025-04-25 19:53
VLAI?
Summary
A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| michaelrsweet | htmldoc |
Affected:
1.9.14
Unaffected: 1.9.15 |
Date Public ?
2021-12-29 23:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/461"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0137",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T19:52:40.944684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T19:53:06.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/michaelrsweet/htmldoc",
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "michaelrsweet",
"versions": [
{
"status": "affected",
"version": "1.9.14"
},
{
"status": "unaffected",
"version": "1.9.15"
}
]
}
],
"datePublic": "2021-12-29T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries."
}
],
"value": "A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T17:20:16.314Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/461"
},
{
"tags": [
"patch"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2022-0137",
"datePublished": "2022-11-14T17:01:45.131Z",
"dateReserved": "2022-01-06T16:29:02.563Z",
"dateUpdated": "2025-04-25T19:53:06.011Z",
"requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34035 (GCVE-0-2022-34035)
Vulnerability from nvd – Published: 2022-07-18 20:14 – Updated: 2024-08-03 08:16
VLAI?
Summary
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T11:32:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/426",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34035",
"datePublished": "2022-07-18T20:14:20.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:16.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34033 (GCVE-0-2022-34033)
Vulnerability from nvd – Published: 2022-07-18 20:14 – Updated: 2024-08-03 08:16
VLAI?
Summary
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T11:32:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/425",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34033",
"datePublished": "2022-07-18T20:14:18.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:16.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27114 (GCVE-0-2022-27114)
Vulnerability from nvd – Published: 2022-05-09 16:52 – Updated: 2024-08-03 05:18
VLAI?
Summary
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,\u0027img-\u003ewidth\u0027 and \u0027img-\u003eheight\u0027 they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T20:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,\u0027img-\u003ewidth\u0027 and \u0027img-\u003eheight\u0027 they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/471",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27114",
"datePublished": "2022-05-09T16:52:39.000Z",
"dateReserved": "2022-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28085 (GCVE-0-2022-28085)
Vulnerability from nvd – Published: 2022-04-27 02:19 – Updated: 2024-08-03 05:48
VLAI?
Summary
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:36.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T02:19:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/480",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28085",
"datePublished": "2022-04-27T02:19:23.000Z",
"dateReserved": "2022-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:48:36.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24191 (GCVE-0-2022-24191)
Vulnerability from nvd – Published: 2022-04-04 10:33 – Updated: 2024-08-03 04:07
VLAI?
Summary
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-26T09:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/470",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24191",
"datePublished": "2022-04-04T10:33:45.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:01.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23165 (GCVE-0-2021-23165)
Vulnerability from nvd – Published: 2022-03-16 14:12 – Updated: 2024-08-03 19:05
VLAI?
Summary
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-122 - (Heap-based Buffer Overflow)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before v1.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 (Heap-based Buffer Overflow)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:12:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f.patch"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23165",
"datePublished": "2022-03-16T14:12:29.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:55.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23158 (GCVE-0-2021-23158)
Vulnerability from nvd – Published: 2022-03-16 14:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-415 - (Double Free)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/414"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v1.9.12 and before."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 (Double Free)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:12:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/414"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23158",
"datePublished": "2022-03-16T14:12:28.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:26.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26948 (GCVE-0-2021-26948)
Vulnerability from nvd – Published: 2022-03-03 00:00 – Updated: 2024-08-03 20:33
VLAI?
Summary
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.
Severity ?
No CVSS data available.
CWE
- CWE-479 - >CWE-476
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-479",
"description": "CWE-479-\u003eCWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/410"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-26948",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26259 (GCVE-0-2021-26259)
Vulnerability from nvd – Published: 2022-03-03 00:00 – Updated: 2024-08-03 20:19
VLAI?
Summary
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-787 - >CWE-400
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787-\u003eCWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/417"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-26259",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23206 (GCVE-0-2021-23206)
Vulnerability from nvd – Published: 2022-03-02 22:25 – Updated: 2024-08-03 19:05
VLAI?
Summary
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-121 - - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967028"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-23206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v1.9.12 and prior, Fixed in v1.9.12+"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 - Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T22:25:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967028"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2021-23206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-23206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "htmldoc",
"version": {
"version_data": [
{
"version_value": "Affects v1.9.12 and prior, Fixed in v1.9.12+"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 - Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/416",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/416"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1967028",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967028"
},
{
"name": "https://ubuntu.com/security/CVE-2021-23206",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2021-23206"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23206",
"datePublished": "2022-03-02T22:25:19.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:55.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23191 (GCVE-0-2021-23191)
Vulnerability from nvd – Published: 2022-03-02 22:28 – Updated: 2024-08-03 19:05
VLAI?
Summary
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-476 - - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-23191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in htmldoc v1.9.12 and later."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-02T22:28:10.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2021-23191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-23191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "htmldoc",
"version": {
"version_data": [
{
"version_value": "Fixed in htmldoc v1.9.12 and later."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 - NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/415",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/415"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1967022",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967022"
},
{
"name": "https://ubuntu.com/security/CVE-2021-23191",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2021-23191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23191",
"datePublished": "2022-03-02T22:28:10.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:54.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46478 (GCVE-0-2024-46478)
Vulnerability from cvelistv5 – Published: 2024-10-24 00:00 – Updated: 2024-10-25 20:03
VLAI?
Summary
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:htmldoc_project:htmldoc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "htmldoc_project",
"versions": [
{
"status": "affected",
"version": "1.9.18"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46478",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:01:18.780208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:03:38.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T17:43:27.851Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/529"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46478",
"datePublished": "2024-10-24T00:00:00.000Z",
"dateReserved": "2024-09-11T00:00:00.000Z",
"dateUpdated": "2024-10-25T20:03:38.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45508 (GCVE-0-2024-45508)
Vulnerability from cvelistv5 – Published: 2024-09-01 00:00 – Updated: 2024-09-03 15:07
VLAI?
Summary
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:htmldoc:htmldoc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "htmldoc",
"versions": [
{
"lessThan": "1.9.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T15:06:38.413694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T15:07:42.016Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-01T21:18:30.799Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/528"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45508",
"datePublished": "2024-09-01T00:00:00.000Z",
"dateReserved": "2024-09-01T00:00:00.000Z",
"dateUpdated": "2024-09-03T15:07:42.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34121 (GCVE-0-2021-34121)
Vulnerability from cvelistv5 – Published: 2023-07-18 00:00 – Updated: 2024-10-28 17:04
VLAI?
Summary
An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/433"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34121",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T17:04:27.494699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T17:04:36.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/433"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34121",
"datePublished": "2023-07-18T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-28T17:04:36.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34119 (GCVE-0-2021-34119)
Vulnerability from cvelistv5 – Published: 2023-07-18 00:00 – Updated: 2024-10-28 16:49
VLAI?
Summary
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/431"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:49:10.696500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:49:17.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/431"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34119",
"datePublished": "2023-07-18T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-28T16:49:17.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0137 (GCVE-0-2022-0137)
Vulnerability from cvelistv5 – Published: 2022-11-14 17:01 – Updated: 2025-04-25 19:53
VLAI?
Summary
A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.
Severity ?
7.5 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| michaelrsweet | htmldoc |
Affected:
1.9.14
Unaffected: 1.9.15 |
Date Public ?
2021-12-29 23:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/461"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0137",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T19:52:40.944684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T19:53:06.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/michaelrsweet/htmldoc",
"defaultStatus": "unknown",
"product": "htmldoc",
"vendor": "michaelrsweet",
"versions": [
{
"status": "affected",
"version": "1.9.14"
},
{
"status": "unaffected",
"version": "1.9.15"
}
]
}
],
"datePublic": "2021-12-29T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries."
}
],
"value": "A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T17:20:16.314Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/461"
},
{
"tags": [
"patch"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2022-0137",
"datePublished": "2022-11-14T17:01:45.131Z",
"dateReserved": "2022-01-06T16:29:02.563Z",
"dateUpdated": "2025-04-25T19:53:06.011Z",
"requesterUserId": "f3a2da25-33ae-4444-b293-a5bd0f5d6b21",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34035 (GCVE-0-2022-34035)
Vulnerability from cvelistv5 – Published: 2022-07-18 20:14 – Updated: 2024-08-03 08:16
VLAI?
Summary
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T11:32:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/426",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/426"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34035",
"datePublished": "2022-07-18T20:14:20.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:16.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34033 (GCVE-0-2022-34033)
Vulnerability from cvelistv5 – Published: 2022-07-18 20:14 – Updated: 2024-08-03 08:16
VLAI?
Summary
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T11:32:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/425",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/425"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34033",
"datePublished": "2022-07-18T20:14:18.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:16.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27114 (GCVE-0-2022-27114)
Vulnerability from cvelistv5 – Published: 2022-05-09 16:52 – Updated: 2024-08-03 05:18
VLAI?
Summary
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:39.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,\u0027img-\u003ewidth\u0027 and \u0027img-\u003eheight\u0027 they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T20:06:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,\u0027img-\u003ewidth\u0027 and \u0027img-\u003eheight\u0027 they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/471",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/471"
},
{
"name": "[debian-lts-announce] 20220513 [SECURITY] [DLA 3004-1] htmldoc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27114",
"datePublished": "2022-05-09T16:52:39.000Z",
"dateReserved": "2022-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:18:39.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28085 (GCVE-0-2022-28085)
Vulnerability from cvelistv5 – Published: 2022-04-27 02:19 – Updated: 2024-08-03 05:48
VLAI?
Summary
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:36.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T02:19:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/480",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/480"
},
{
"name": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28085",
"datePublished": "2022-04-27T02:19:23.000Z",
"dateReserved": "2022-03-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:48:36.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24191 (GCVE-0-2022-24191)
Vulnerability from cvelistv5 – Published: 2022-04-04 10:33 – Updated: 2024-08-03 04:07
VLAI?
Summary
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:01.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-26T09:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/htmldoc/issues/470",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/htmldoc/issues/470"
},
{
"name": "FEDORA-2022-39533c087f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24191",
"datePublished": "2022-04-04T10:33:45.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:01.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23165 (GCVE-0-2021-23165)
Vulnerability from cvelistv5 – Published: 2022-03-16 14:12 – Updated: 2024-08-03 19:05
VLAI?
Summary
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-122 - (Heap-based Buffer Overflow)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/413"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before v1.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 (Heap-based Buffer Overflow)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:12:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/413"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f.patch"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23165",
"datePublished": "2022-03-16T14:12:29.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:55.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23158 (GCVE-0-2021-23158)
Vulnerability from cvelistv5 – Published: 2022-03-16 14:12 – Updated: 2024-08-03 18:58
VLAI?
Summary
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-415 - (Double Free)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/414"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v1.9.12 and before."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 (Double Free)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-16T14:12:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/414"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-23158",
"datePublished": "2022-03-16T14:12:28.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:26.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26259 (GCVE-0-2021-26259)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-03 20:19
VLAI?
Summary
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
Severity ?
No CVSS data available.
CWE
- CWE-787 - >CWE-400
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.9.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787-\u003eCWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/417"
},
{
"url": "https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-26259",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:19:20.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26948 (GCVE-0-2021-26948)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-03 20:33
VLAI?
Summary
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.
Severity ?
No CVSS data available.
CWE
- CWE-479 - >CWE-476
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:33:41.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/michaelrsweet/htmldoc/issues/410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "htmldoc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-479",
"description": "CWE-479-\u003eCWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://github.com/michaelrsweet/htmldoc/issues/410"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-26948",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2021-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:33:41.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}