CVE-2021-40647

CVE-2021-40647 affects the man2html 1.6g tool. A string read from a file can overwrite the top-heap size, causing a segmentation fault; if the heap size parameter is not aligned, this can escalate to an arbitrary write in memory on systems with GLIBC versions before 2.29 and with proper alignment...

CVE-2021-40648

CVE-2021-40648 affects man2html 1.6g. A filename can be created to overwrite the previous size parameter of the next chunk and the fd/bk/fd_nextsize/bk_nextsize of the current chunk, after which the next chunk is freed later on, causing a potentially arbitrary amount of memory to be freed. This i...