CVE-2019-19630 — Out-of-bounds Write in Htmldoc

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmldoc Project Htmldoc Debian Htmldoc Debian Linux +1 more

Timeline

PublishedDec 8

Latest updateMay 24

Description

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/htmldoc< htmldoc 1.9.7-1 (bookworm)

▶Debianhtmldoc_project/htmldoc< 1.9.7-1+3

▶NVDhtmldoc_project/htmldoc1.9.7

Also affects: Debian Linux 8.0, 9.0, Fedora 30, 31

🔴Vulnerability Details

GHSA

GHSA-45vc-mrxr-qgr2: HTMLDOC 1↗2022-05-24

▶

OSV

CVE-2019-19630: HTMLDOC 1↗2019-12-08

▶

📋Vendor Advisories

Ubuntu

HTMLDOC vulnerability↗2021-01-18

▶

Debian

CVE-2019-19630: htmldoc - HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function ...↗2019

▶

💬Community

Bugzilla

CVE-2019-19630 htmldoc: crafted HTML document allows for a stack-based buffer overflow in the hd_strlcpy() function in string.c [epel-all]↗2019-12-16

▶

Bugzilla

CVE-2019-19630 htmldoc: crafted HTML document allows for a stack-based buffer overflow in the hd_strlcpy() function in string.c↗2019-12-16

▶

Bugzilla

CVE-2019-19630 htmldoc: crafted HTML document allows for a stack-based buffer overflow in the hd_strlcpy() function in string.c [fedora-all]↗2019-12-16

▶