The vulnerability of the file_extension() function in the file.c component of the HTMLDOC document conversion tool allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.

🗓️ 23 Sep 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

HTMLDOC file_extension() flaw in file.c enables pointer dereference to leak data and cause failures.

Reporter	Title	Published	Views	Family All 50
AstraLinux	Astra Linux - уязвимость в htmldoc	20 May 202605:53	–	astralinux
CNNVD	HTMLDOC 代码问题漏洞	10 Jun 202100:00	–	cnnvd
CVE	CVE-2021-23180	2 Mar 202222:29	–	cve
Cvelist	CVE-2021-23180	2 Mar 202222:29	–	cvelist
Debian	[SECURITY] [DLA 2700-1] htmldoc security update	1 Jul 202100:59	–	debian
Debian	[SECURITY] [DSA 4928-1] htmldoc security update	9 Jun 202121:09	–	debian
Debian CVE	CVE-2021-23180	2 Mar 202222:29	–	debiancve
Tenable Nessus	Debian DLA-2700-1 : htmldoc - LTS security update	1 Jul 202100:00	–	nessus
Tenable Nessus	Debian DSA-4928-1 : htmldoc - security update	11 Jun 202100:00	–	nessus
Tenable Nessus	GLSA-202405-07 : HTMLDOC: Multiple Vulnerabilities	4 May 202400:00	–	nessus

Vulners

Node

michael_r_sweet htmldocRange<1.9.12

Source	Link
github	www.github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
github	www.github.com/michaelrsweet/htmldoc/issues/418
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-23180
security-tracker	www.security-tracker.debian.org/tracker/CVE-2021-23180
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.1/
web	www.web.nvd.nist.gov/view/vuln/detail

06 Nov 2024 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 26.8

CVSS 37.8

EPSS0.01268

document conversion tool file extension function pointer dereference data leakage integrity impact service failures