CVE-2021-40985 — Out-of-bounds Read in Project Htmldoc

CWE-125 — Out-of-bounds Read CWE-127 — Buffer Under-read CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

5.5MEDIUMNVD

OSV9.8

EPSS

0.1%

top 72.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htmldoc Project Htmldoc Debian Htmldoc Debian Linux

Timeline

PublishedNov 3

Latest updateJan 8

Description

A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/htmldoc< htmldoc 1.9.13-1 (bookworm)

▶NVDhtmldoc_project/htmldoc< 1.9.12

▶Debianhtmldoc_project/htmldoc< 1.9.11-4+deb11u1+3

▶Ubuntuhtmldoc_project/htmldoc< 1.8.27-8ubuntu1+esm3+3

Also affects: Debian Linux 9.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

HTMLDOC vulnerabilities↗2025-01-08

▶

GHSA

GHSA-vfx2-gpvv-rwcm: Buffer overflow vulnerability in htmldoc before 1↗2022-05-24

▶

OSV

CVE-2021-40985: A stack-based buffer under-read in htmldoc before 1↗2021-11-03

▶

📋Vendor Advisories

Ubuntu

HTMLDOC vulnerabilities↗2025-01-08

▶

Debian

CVE-2021-40985: htmldoc - A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to ca...↗2021

▶

📐Framework References

CWE

Buffer Under-read↗

▶

CWE

Out-of-bounds Read↗

▶