CVE-2021-26252
published 2022-02-24CVE-2021-26252: A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | htmldoc | < htmldoc 1.9.11-4 (bookworm) | htmldoc 1.9.11-4 (bookworm) |
| fedoraproject | fedora | — | — |
| htmldoc_project | htmldoc | — | — |
| htmldoc_project | htmldoc | — | — |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.8.27-8ubuntu1+esm3 | 1.8.27-8ubuntu1+esm3 |
| htmldoc_project | htmldoc | >= 0 < 1.8.27-8ubuntu1.1+esm2 | 1.8.27-8ubuntu1.1+esm2 |
| htmldoc_project | htmldoc | >= 0 < 1.9.2-1ubuntu0.2+esm1 | 1.9.2-1ubuntu0.2+esm1 |
| htmldoc_project | htmldoc | >= 0 < 1.9.7-1ubuntu0.3+esm1 | 1.9.7-1ubuntu0.3+esm1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv9.8CRITICAL
OSV
HTMLDOC vulnerabilities
osv·2025-01-08·CVSS 9.8
CVE-2021-20308 [CRITICAL] HTMLDOC vulnerabilities
HTMLDOC vulnerabilities
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
coul
GHSA
GHSA-xfrq-7xgg-w3v5: A flaw was found in htmldoc in v1
ghsa_unreviewed·2022-02-25
CVE-2021-26252 [HIGH] CWE-787 GHSA-xfrq-7xgg-w3v5: A flaw was found in htmldoc in v1
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
OSV
CVE-2021-26252: A flaw was found in htmldoc in v1
osv·2022-02-24·CVSS 7.8
CVE-2021-26252 [HIGH] CVE-2021-26252: A flaw was found in htmldoc in v1
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Ubuntu
HTMLDOC vulnerabilities
vendor_ubuntu·2025-01-08·CVSS 9.8
CVE-2021-34121 [CRITICAL] HTMLDOC vulnerabilities
Title: HTMLDOC vulnerabilities
Summary: Several security issues were fixed in HTMLDOC.
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discov
Debian
CVE-2021-26252: htmldoc - A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_pa...
vendor_debian·2021·CVSS 7.8
CVE-2021-26252 [HIGH] CVE-2021-26252: htmldoc - A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_pa...
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Scope: local
bookworm: resolved (fixed in 1.9.11-4)
bullseye: resolved (fixed in 1.9.11-4)
forky: resolved (fixed in 1.9.11-4)
sid: resolved (fixed in 1.9.11-4)
trixie: resolved (fixed in 1.9.11-4)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-24
Published