Debian Htmldoc vulnerabilities

24 known vulnerabilities affecting debian/htmldoc.

Total CVEs: 24
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1, LOW 20

Vulnerabilities

Page 1 of 2
CVE-2024-45508 | CRITICAL | CVSS 9.8 | fixed in htmldoc 1.9.18-2 (forky) | 2024
CVE-2024-45508 [CRITICAL]: htmldoc - HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 1.9.18-2); sid: resolved (fixed in 1.9.18-2); trixie: resolved (fixed in 1.9.18-2)

CVE-2024-46478 | CRITICAL | CVSS 9.8 | fixed in htmldoc 1.9.18-3 (forky) | 2024
CVE-2024-46478 [CRITICAL]: htmldoc - HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 1.9.18-3); sid: resolved (fixed in 1.9.18-3); trixie: resolved (fixed in 1.9.18-3)

CVE-2022-27114 | MEDIUM | CVSS 5.5 | fixed in htmldoc 1.9.15-2 (bookworm) | 2022
CVE-2022-27114 [MEDIUM]: htmldoc - There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
Scope:

CVE-2022-24191 | LOW | CVSS 5.5 | fixed in htmldoc 1.9.15-1 (bookworm) | 2022
CVE-2022-24191 [MEDIUM]: htmldoc - In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Scope: local. bookworm: resolved (fixed in 1.9.15-1); bullseye: resolved (fixed in 1.9.11-4+deb11u3); forky: resolved (fixed in 1.9.15-1); sid: resolved (fixed in 1.9.15-1); trixie: resolved (fixed in 1.9.15-1)

CVE-2022-0137 | LOW | CVSS 7.5 | fixed in htmldoc 1.9.15-1 (bookworm) | 2022
CVE-2022-0137 [HIGH]: htmldoc - A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.
Scope: local. bookworm: resolved (fixed in 1.9.15-1); bullseye: open; forky: resolved (fixed in 1.9.15-1); sid: resolved (fixed in 1.9.15-1); trixie: resolved (fixed in 1.9.15-1)

CVE-2022-0534 | LOW | CVSS 5.5 | fixed in htmldoc 1.9.15-1 (bookworm) | 2022
CVE-2022-0534 [MEDIUM]: htmldoc - A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
Scope: local. bookworm: resolved (fixed in 1.9.15-1); bullseye: resolved (fixed in 1.9.11-4+deb11u2); forky: resolved (fixed in 1.9.15-1); sid: resolved (fixed

CVE-2022-34033 | LOW | CVSS 7.5 | fixed in htmldoc 1.9.12-1 (bookworm) | 2022
CVE-2022-34033 [HIGH]: htmldoc - HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
Scope: local. bookworm: resolved (fixed in 1.9.12-1); bullseye: open; forky: resolved (fixed in 1.9.12-1); sid: resolved (fixed in 1.9.12-1); trixie: resolved (fixed in 1.9.12-1)

CVE-2022-28085 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.15-2 (bookworm) | 2022
CVE-2022-28085 [HIGH]: htmldoc - A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
Scope: local. bookworm: resolved (fixed in 1.9.15-2); bullseye: resolved (fixed in 1.9.11-4+deb11u3); forky: resolved (fixed in 1.9.15-2); sid: resolved (fixed in 1.9.15-2); trixie: resolved (fi

CVE-2022-34035 | LOW | CVSS 7.5 | fixed in htmldoc 1.9.12-1 (bookworm) | 2022
CVE-2022-34035 [HIGH]: htmldoc - HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
Scope: local. bookworm: resolved (fixed in 1.9.12-1); bullseye: open; forky: resolved (fixed in 1.9.12-1); sid: resolved (fixed in 1.9.12-1); trixie: resolved (fixed in 1.9.12-1)

CVE-2021-23165 | CRITICAL | CVSS 9.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-23165 [CRITICAL]: htmldoc - A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-26948 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-26948 [HIGH]: htmldoc - Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-34121 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.13-1 (bookworm) | 2021
CVE-2021-34121 [HIGH]: htmldoc - An Out of Bounds flaw was discovered in htmldoc 1.9.12 in function parse_tree() in toc.cxx; this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
Scope: local. bookworm: resolved (fixed in 1.9.13-1); bullseye: open; forky: resolved (fixed in 1.9.13-1); sid: resolved (fixed i

CVE-2021-20308 | LOW | CVSS 7.5 | fixed in htmldoc 1.9.11-3 (bookworm) | 2021
CVE-2021-20308 [HIGH]: htmldoc - Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
Scope: local. bookworm: resolved (fixed in 1.9.11-3); bullseye: resolved (fixed in 1.9.11-3); forky: resolved (fixed in 1.9.11-3); sid: resolved (fixed in 1.9.11-3); trixie: resolved (fixed in 1.9.11-3)

CVE-2021-40985 | LOW | CVSS 5.5 | fixed in htmldoc 1.9.13-1 (bookworm) | 2021
CVE-2021-40985 [MEDIUM]: htmldoc - A stack-based buffer under-read in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
Scope: local. bookworm: resolved (fixed in 1.9.13-1); bullseye: resolved (fixed in 1.9.11-4+deb11u1); forky: resolved (fixed in 1.9.13-1); sid: resolved (fixed in 1.9.13-1); trixie: resolved (fixed in 1.9.13-1)

CVE-2021-23191 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-23191 [HIGH]: htmldoc - A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-23206 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-23206 [HIGH]: htmldoc - A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-23158 | LOW | CVSS 9.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-23158 [CRITICAL]: htmldoc - A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11

CVE-2021-23180 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-23180 [HIGH]: htmldoc - A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-26252 | LOW | CVSS 7.8 | fixed in htmldoc 1.9.11-4 (bookworm) | 2021
CVE-2021-26252 [HIGH]: htmldoc - A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Scope: local. bookworm: resolved (fixed in 1.9.11-4); bullseye: resolved (fixed in 1.9.11-4); forky: resolved (fixed in 1.9.11-4); sid: resolved (fixed in 1.9.11-4); trixie: resolved (fixed in 1.9.11-4)

CVE-2021-43579 | LOW | CVSS 7.8 | PoC | fixed in htmldoc 1.9.13-1 (bookworm) | 2021
CVE-2021-43579 [HIGH]: htmldoc - A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
Scope: local. bookworm: resolved (fixed in 1.9.13-1); bullseye: resolved (fixed in 1.9.11-4+deb11u1); forky: resolved (fixed in 1.9.13-1); sid: resolved (fixed in 1.9.13-1); trixie: resolved (fixed