cbcvebase.
CVE-2024-46478
published 2024-10-24

CVE-2024-46478: HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.68%
47.8th percentile
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

Affected

10 ranges
VendorProductVersion rangeFixed in
debianhtmldoc< htmldoc 1.9.18-3 (forky)htmldoc 1.9.18-3 (forky)
htmldoc_projecthtmldoc
htmldoc_projecthtmldoc>= 0 < 1.9.18-31.9.18-3
htmldoc_projecthtmldoc>= 0 < 1.9.18-31.9.18-3
htmldoc_projecthtmldoc>= 0 < 1.8.27-8ubuntu1+esm41.8.27-8ubuntu1+esm4
htmldoc_projecthtmldoc>= 0 < 1.8.27-8ubuntu1.1+esm31.8.27-8ubuntu1.1+esm3
htmldoc_projecthtmldoc>= 0 < 1.9.2-1ubuntu0.2+esm21.9.2-1ubuntu0.2+esm2
htmldoc_projecthtmldoc>= 0 < 1.9.7-1ubuntu0.3+esm21.9.7-1ubuntu0.3+esm2
htmldoc_projecthtmldoc>= 0 < 1.9.15-1ubuntu0.1~esm11.9.15-1ubuntu0.1~esm1
htmldoc_projecthtmldoc>= 0 < 1.9.17-1ubuntu0.1~esm11.9.17-1ubuntu0.1~esm1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.