CVE-2022-29536

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow in ephystringshorten in the UI process via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered...

SUSE-SU-2022:14898-1 Security update for htmldoc

This update for htmldoc fixes the following issues: - CVE-2019-19630: Fixed stack-based buffer overflow in the hdstrlcpy function in string.c via a crafted HTML document bsc1158802. - CVE-2021-20308: Fixed integer overflow in imageloadgif bsc1184424. - CVE-2022-0534: Fixed stack out-of-bounds rea...

Debian DLA-2928-1 : htmldoc - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2928 advisory. - Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to imageloadbmp. CVE-2021-40985 - A...

CVE-2021-45394

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...

UBUNTU-CVE-2021-43579

A stack-based buffer overflow in imageloadbmp in HTMLDOC = 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file...

in michaelrsweet/htmldoc

Description In gifreadimage, in image.cxx, gifreadlzw might return a value greater than 255, which results in an out of bounds read, leading to denial of service. c typedef uchar gifcmapt2563; / ... / static int / I - 0 = success, -1 = failure / gifreadimageFILE fp, / I - Input file / imaget img,...

Mozilla Firefox Security Advisory (MFSA2013-102) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2021-43032

In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side...

CVE-2021-34821

Cross Site Scripting XSS vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL...

MGASA-2021-0332 Updated htmldoc packages fix security vulnerabilities

Updated htmldoc packages fix security vulnerabilities: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181 CVE-2021-20308. AddressSanitizer: double-free in function pspdfexport ps-pdf.cxx...

HTMLDOC 缓冲区错误漏洞

HTMLDOC is an open source program that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript and PDF formats. HTMLDOC suffers from a buffer error vulnerability that stems from a boundary error in the pspdfprepareoutpages function in ps-pdf.cxx. A remote attacker could exploit this...

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

Hardcoded credentials

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...

PT-2022-21978 · Htmldoc +3 · Htmldoc +3

Name of the Vulnerable Software and Affected Versions: HTMLDoc version 1.9.15 Description: A heap overflow issue was discovered in HTMLDoc via the write header function in the /htmldoc/htmldoc/html.cxx file at line 273. This issue can be exploited, potentially leading to unspecified consequences...

URL Spoofing

firefox:edge is vulnerable to URL spoofing. When a JavaScript URL javascript: is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL as reported by the document.location property, for example was the...

Input validation

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack...

HTMLDOC 输入验证错误漏洞

HTMLDOC is an HTML file format conversion editor that reads HTML and Markdown source files or web pages and generates the corresponding EPUB, HTML, PostScript or PDF files with optional table of contents. An integer overflow vulnerability exists in HTMLDOC 1.9.11 and earlier versions. An attacker...

USN-4696-1 htmldoc vulnerability

It was discovered that HTMLDOC incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a denial of service...

CVE-2020-27608

In BigBlueButton before 2.2.28 or earlier, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document...

CVE-2020-27608

In BigBlueButton before 2.2.28 or earlier, uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document...