6 matches found
CVE-2021-23165
CVE-2021-23165 affects HTMLDOC prior to v1.9.12. The issue is a heap buffer overflow in pspdf_prepare_outpages() within ps-pdf.cxx, which may allow arbitrary code execution and denial of service. Publicly cited analyses come from multiple sources (NVD entry for CVE-2021-23165 and Gentoo GLSA 2024...
CVE-2024-45508
CVE-2024-45508 affects HTMLDOC prior to 1.9.19. The issue is an out-of-bounds write in parse_paragraph (ps-pdf.cxx) caused by attempting to strip leading whitespace from a whitespace-only node. Connected advisories (Mageia, openSUSE, Ubuntu USN, OSV) confirm the same root cause and indicate a pat...
CVE-2022-24191
CVE-2022-24191 concerns HTMLDOC 1.9.14 where an infinite loop in the gif_read_lzw function can cause a pointer to an area of heap memory, resulting in a heap-based buffer overflow. Connected sources (Astra Linux bulletin) reiterate the same description without adding explicit patch details. No ex...
CVE-2022-0137
HTMLDOC contains a heap buffer overflow in the image_set_mask function, exploitable on versions before 1.9.15. The vulnerability can cause out-of-bounds writes with potential denial of service and, in some advisories, arbitrary code execution. CVE-2022-0137 is the primary entry, with related advi...
CVE-2021-40985
CVE-2021-40985 affects htmldoc prior to 1.9.12, with a stack-based buffer under-read in image_load_bmp when processing BMP images, leading to denial of service. Several advisories confirm the issue and recommend upgrading to newer HTMLDOC versions (e.g., GNU/Linux distributions advise upgrading b...
CVE-2022-28085
The CVE-2022-28085 issue affects the HTMLDOC project. A heap buffer overflow in pdf_write_names (ps-pdf.cxx) after commit 31f7804 may allow arbitrary code execution and denial of service. Affected component: htmldoc; root cause: insufficient bounds handling in ps-pdf.cxx. Impact: potential remote...