CVE-2021-40985
Published 2021-11-03
CVE-2021-40985: A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
Priority: P4 · 18 · medium · 5.5 · CVSS 3.1
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.87% (54.3th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | htmldoc | < htmldoc 1.9.13-1 (bookworm) | htmldoc 1.9.13-1 (bookworm) |
| htmldoc_project | htmldoc | < 1.9.12 | 1.9.12 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4+deb11u1 | 1.9.11-4+deb11u1 |
| htmldoc_project | htmldoc | >= 0 < 1.9.13-1 | 1.9.13-1 |
| htmldoc_project | htmldoc | >= 0 < 1.9.13-1 | 1.9.13-1 |
| htmldoc_project | htmldoc | >= 0 < 1.9.13-1 | 1.9.13-1 |
| htmldoc_project | htmldoc | >= 0 < 1.8.27-8ubuntu1+esm3 | 1.8.27-8ubuntu1+esm3 |
| htmldoc_project | htmldoc | >= 0 < 1.8.27-8ubuntu1.1+esm2 | 1.8.27-8ubuntu1.1+esm2 |
| htmldoc_project | htmldoc | >= 0 < 1.9.2-1ubuntu0.2+esm1 | 1.9.2-1ubuntu0.2+esm1 |
| htmldoc_project | htmldoc | >= 0 < 1.9.7-1ubuntu0.3+esm1 | 1.9.7-1ubuntu0.3+esm1 |
CVSS provenance
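| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 5.5 | LOW | — |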
OSV
HTMLDOC vulnerabilities
osv·2025-01-08·CVSS 9.8
CVE-2021-20308 [CRITICAL] HTMLDOC vulnerabilities
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
coul
GHSA
GHSA-vfx2-gpvv-rwcm: Buffer overflow vulnerability in htmldoc before 1
ghsa_unreviewed·2022-05-24
CVE-2021-40985 [MEDIUM] CWE-120 GHSA-vfx2-gpvv-rwcm: Buffer overflow vulnerability in htmldoc before 1
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
OSV
CVE-2021-40985: A stack-based buffer under-read in htmldoc before 1
osv·2021-11-03·CVSS 5.5
CVE-2021-40985 [MEDIUM] CVE-2021-40985: A stack-based buffer under-read in htmldoc before 1
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
Ubuntu
HTMLDOC vulnerabilities
vendor_ubuntu·2025-01-08·CVSS 9.8
CVE-2021-34121 [CRITICAL] HTMLDOC vulnerabilities
Title: HTMLDOC vulnerabilities
Summary: Several security issues were fixed in HTMLDOC.
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discov
Debian
CVE-2021-40985: htmldoc - A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to ca...
vendor_debian·2021·CVSS 5.5
CVE-2021-40985 [MEDIUM] CVE-2021-40985: htmldoc - A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to ca...
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
Scope: local
bookworm: resolved (fixed in 1.9.13-1)
bullseye: resolved (fixed in 1.9.11-4+deb11u1)
forky: resolved (fixed in 1.9.13-1)
sid: resolved (fixed in 1.9.13-1)
trixie: resolved (fixed in 1.9.13-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Buffer Under-read
mitre_cwe
CWE-127 Buffer Under-read
CWE-127: Buffer Under-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.
Modes of Introduction:
Phase: Implementation
Note: This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.
Common Consequences:
Scope: Confidentiality. Impact: Read Memory.
Scope: Confidentiality. Impact: Bypass Protection Mechanism. By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can bypass protection
CWE
Out-of-bounds Read
mitre_cwe
CWE-125 Out-of-bounds Read
CWE-125: Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
Scope: Confidentiality. Impact: Bypass Protection Mechanism. Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. An attacker could cause a segmentation fault or crash by causing memory to
https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43
https://github.com/michaelrsweet/htmldoc/issues/444
https://lists.debian.org/debian-lts-announce/2022/02/msg00022.html
Published: 2021-11-03