23 matches found
CVE-2019-19630
CVE-2019-19630 affects HTMLDOC 1.9.7, enabling a stack-based buffer overflow in hd_strlcpy() (string.c) when triggered from render_contents in ps-pdf.cxx via a crafted HTML document. Connected advisories confirm the vulnerability and indicate fixes in later releases/updates across distributions (...
CVE-2021-20308
CVE-2021-20308 affects HTMLDOC (1.9.11 and earlier). The vulnerability is an integer overflow in HTMLDOC’s image loading paths (image_load_jpeg and image_load_png in image.cxx) that can cause heap/buffer overflows, enabling arbitrary code execution and denial of service. Public advisories referen...
CVE-2021-26948
CVE-2021-26948 involves a null pointer dereference in htmldoc up to v1.9.11 and earlier, allowing arbitrary code execution and denial of service via a crafted HTML file. Affected product: htmldoc; root cause: null pointer dereference in HTML parsing/processing paths. Impact: remote code execution...
CVE-2021-23180
CVE-2021-23180 affects htmldoc up to version 1.9.12. Root cause is a null pointer dereference in file_extension() in file.c, potentially allowing arbitrary code execution and denial of service. Public docs identify this vulnerability but do not provide exploit details. Mitigation: upgrade to a fi...
CVE-2022-27114
CVE-2022-27114 affects htmldoc 1.9.16. In image_load_jpeg (image.cxx), malloc is used for img->width/height in a way that can overflow, causing the allocated heap block to be smaller than expected and leading to a buffer overflow in jpeg_read_scanlines. Connected sources corroborate a memory/h...
CVE-2021-23191
CVE-2021-23191 affects HTMLDOC prior to v1.9.12, featuring a NULL pointer dereference in image_load_jpeg() (image.cxx) that may cause denial of service. Related advisories confirm the flaw across distributions (Astra Linux, Ubuntu USN 7189-1, Gentoo GLSA 202405-07, Debian DLA-2700) and list affec...
CVE-2021-23165
CVE-2021-23165 affects HTMLDOC prior to v1.9.12. The issue is a heap buffer overflow in pspdf_prepare_outpages() within ps-pdf.cxx, which may allow arbitrary code execution and denial of service. Publicly cited analyses come from multiple sources (NVD entry for CVE-2021-23165 and Gentoo GLSA 2024...
CVE-2021-26259
CVE-2021-26259 is a heap buffer overflow in htmldoc 1.9.12, specifically in render_table_row() within ps-pdf.cxx, which may lead to arbitrary code execution and denial of service. Connected advisories confirm this issue exists across distributions and that remediation is to upgrade to a newer htm...
CVE-2021-23158
CVE-2021-23158 : In HTMLDOC v1.9.12, a double-free in pspdf_export() (ps-pdf.cxx) may cause a write-what-where condition, enabling arbitrary code execution and denial of service. Affected component: HTMLDOC PDF export path; root cause: memory management error (double-free). Impact: remote code ex...
CVE-2021-23206
CVE-2021-23206 affects htmldoc up to version 1.9.12 and earlier. The root cause is a stack buffer overflow in parse_table() within ps-pdf.cxx, which may allow an attacker to execute arbitrary code and cause a denial of service. Public advisories across multiple distributions (Ubuntu USN-7189-1, G...
CVE-2021-43579
HTMLDOC contains a stack-based buffer overflow in image_load_bmp() that can cause remote code execution when a crafted BMP file is linked from an HTML document, affecting HTMLDOC
CVE-2022-24191
CVE-2022-24191 concerns HTMLDOC 1.9.14 where an infinite loop in the gif_read_lzw function can cause a pointer to an area of heap memory, resulting in a heap-based buffer overflow. Connected sources (Astra Linux bulletin) reiterate the same description without adding explicit patch details. No ex...
CVE-2024-45508
CVE-2024-45508 affects HTMLDOC prior to 1.9.19. The issue is an out-of-bounds write in parse_paragraph (ps-pdf.cxx) caused by attempting to strip leading whitespace from a whitespace-only node. Connected advisories (Mageia, openSUSE, Ubuntu USN, OSV) confirm the same root cause and indicate a pat...
CVE-2021-26252
CVE-2021-26252 affects HTMLDOC 1.9.12, where a heap-based buffer overflow in pspdf_prepare_page() (ps-pdf.cxx) could lead to arbitrary code execution and denial of service. Publicly documented fixes indicate upgrading HTMLDOC to 1.9.16 or newer to address this and related issues; other details (e...
CVE-2022-0534
CVE-2022-0534 affects htmldoc 1.9.15, where a stack out-of-bounds read in gif_get_code() occurs when opening a crafted GIF, potentially causing a segmentation fault (crash). Public advisories reference this CVE alongside other HTMLDOC issues and commonly recommend upgrading to a newer htmldoc rel...
CVE-2024-46478
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre in ps-pdf.cxx:5681 (CVE-2024-46478). This is referenced across multiple advisories (e.g., Mageia MGASA-2024-0353 and USN-7225-1) as a vulnerability affecting HTMLDOC and tied to potential memory/heap corruption. Related entries also cover a ...
CVE-2022-0137
HTMLDOC contains a heap buffer overflow in the image_set_mask function, exploitable on versions before 1.9.15. The vulnerability can cause out-of-bounds writes with potential denial of service and, in some advisories, arbitrary code execution. CVE-2022-0137 is the primary entry, with related advi...
CVE-2022-34035
HTMLDOC v1.9.12 and earlier contains a heap overflow in e_node at htmldoc/htmldoc/html.cxx:588. The CVE is documented as CVE-2022-34035. Public sources describe impact as a heap overflow that could allow denial of service or arbitrary code execution. Ubuntu advisory USN-7225-1 attributes addition...
CVE-2021-40985
CVE-2021-40985 affects htmldoc prior to 1.9.12, with a stack-based buffer under-read in image_load_bmp when processing BMP images, leading to denial of service. Several advisories confirm the issue and recommend upgrading to newer HTMLDOC versions (e.g., GNU/Linux distributions advise upgrading b...
CVE-2021-34121
CVE-2021-34121 affects htmodoc 1.9.12, where an Out-of-Bounds condition in parse_tree() (toc.cxx) can leak memory layout information. The connected sources corroborate this flaw and note the issue could be leveraged in a chain to reach code execution. The available documents specify the vulnerabl...
CVE-2022-34033
Summary: CVE-2022-34033 affects HTMLDOC v1.9.15 and is caused by a heap overflow in the write_header function (htmldoc/htmldoc/html.cxx:273). The issue is reported across multiple advisories and feeds, with the Ubuntu/Gentoo and Astra Linux entries corroborating the same root cause. Impact: poten...
CVE-2022-28085
The CVE-2022-28085 issue affects the HTMLDOC project. A heap buffer overflow in pdf_write_names (ps-pdf.cxx) after commit 31f7804 may allow arbitrary code execution and denial of service. Affected component: htmldoc; root cause: insufficient bounds handling in ps-pdf.cxx. Impact: potential remote...
CVE-2021-34119
CVE-2021-34119 affects htmodoc 1.9.12, rooted in the parse_paragraph function of ps-pdf.cxx. The flaw may allow code execution and a denial of service via a crafted file. Connected sources corroborate the issue across OSV/NVD/CNVD and related advisories, but none provide a remediation patch/versi...