CVE-2009-3050 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Htmldoc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.5%

top 18.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmldoc Project Htmldoc Debian Htmldoc Htmldoc

Timeline

PublishedSep 2

Latest updateMay 2

Description

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/htmldoc< htmldoc 1.8.27-4.1 (bookworm)

▶Debianhtmldoc_project/htmldoc< 1.8.27-4.1+3

▶NVDhtmldoc/htmldoc1.8.27+3

🔴Vulnerability Details

GHSA

GHSA-qmc2-x7wp-66p7: Buffer overflow in the set_page_size function in util↗2022-05-02

▶

OSV

CVE-2009-3050: Buffer overflow in the set_page_size function in util↗2009-09-02

▶

📋Vendor Advisories

Red Hat

HTMLDOC: Stack-based buffer overflow when setting custom page output size↗2009-07-14

▶

Debian

CVE-2009-3050: htmldoc - Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and ...↗2009

▶

💬Community

Bugzilla

CVE-2009-3050 HTMLDOC: Stack-based buffer overflow when setting custom page output size↗2009-07-18

▶