Htmldoc Project Htmldoc vulnerabilities

24 known vulnerabilities affecting htmldoc_project/htmldoc.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL6HIGH13MEDIUM5

Vulnerabilities

Page 1 of 2

CVE-2024-46478CRITICALCVSS 9.8v1.9.182024-10-24

CVE-2024-46478 [CRITICAL] CWE-120 CVE-2024-46478: HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

nvdosv

CVE-2024-45508CRITICALCVSS 9.8fixed in 1.9.192024-09-01

CVE-2024-45508 [CRITICAL] CWE-787 CVE-2024-45508: HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an atte HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

nvdosv

CVE-2021-34121HIGHCVSS 7.8v1.9.122023-07-18

CVE-2021-34121 [HIGH] CWE-125 CVE-2021-34121: An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this pos An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.

nvdosv

CVE-2021-34119HIGHCVSS 7.8v1.9.122023-07-18

CVE-2021-34119 [HIGH] CWE-787 CVE-2021-34119: A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibl A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.

nvdosv

CVE-2022-0137MEDIUMCVSS 5.5fixed in 1.9.152022-11-14

CVE-2022-0137 [MEDIUM] CWE-119 CVE-2022-0137: A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to wri A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.

nvdosv

CVE-2022-34035HIGHCVSS 7.5≤ 1.9.122022-07-18

CVE-2022-34035 [HIGH] CWE-787 CVE-2022-34035: HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html. HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.

nvdosv

CVE-2022-34033HIGHCVSS 7.5v1.9.152022-07-18

CVE-2022-34033 [HIGH] CWE-787 CVE-2022-34033: HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.c HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.

nvdosv

CVE-2022-27114MEDIUMCVSS 5.5v1.9.162022-05-09

CVE-2022-27114 [MEDIUM] CWE-190 CVE-2022-27114: There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls mall There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines fu

nvdosv

CVE-2022-28085HIGHCVSS 7.8fixed in 1.9.162022-04-27

CVE-2022-28085 [HIGH] CWE-787 CVE-2022-28085: A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names i A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).

nvdosv

CVE-2022-24191MEDIUMCVSS 5.5fixed in 1.9.152022-04-04

CVE-2022-24191 [MEDIUM] CWE-835 CVE-2022-24191: In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily p In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

nvdosv

CVE-2021-23158CRITICALCVSS 9.8v1.9.12vAffects v1.9.12 and before.2022-03-16

CVE-2021-23158 [CRITICAL] CWE-415 CVE-2021-23158: A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may res A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.

cvelistv5nvdosv

CVE-2021-23165CRITICALCVSS 9.8fixed in 1.9.12vbefore v1.9.122022-03-16

CVE-2021-23165 [CRITICAL] CWE-122 CVE-2021-23165: A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps- A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

cvelistv5nvdosv

CVE-2021-26259HIGHCVSS 7.8v1.9.12vv1.9.122022-03-03

CVE-2021-26259 [HIGH] CWE-787 CVE-2021-26259: A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.

cvelistv5nvdosv

CVE-2021-26948HIGHCVSS 7.8v1.9.11vv1.9.112022-03-03

CVE-2021-26948 [HIGH] CWE-479 CVE-2021-26948: Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.

cvelistv5nvdosv

CVE-2021-23206HIGHCVSS 7.8≤ 1.9.12vAffects v1.9.12 and prior, Fixed in v1.9.12+2022-03-02

CVE-2021-23206 [HIGH] CWE-121 CVE-2021-23206: A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

cvelistv5nvdosv

CVE-2021-23191HIGHCVSS 7.8≤ 1.9.12vFixed in htmldoc v1.9.12 and later.2022-03-02

CVE-2021-23191 [HIGH] CWE-476 CVE-2021-23191: A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.

cvelistv5nvdosv

CVE-2021-23180HIGHCVSS 7.8≤ 1.9.12vFixed in htmldoc v1.9.12 and above.2022-03-02

CVE-2021-23180 [HIGH] CWE-476 CVE-2021-23180: A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in f A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.

cvelistv5nvdosv

CVE-2021-26252HIGHCVSS 7.8v1.9.12vhtmldoc 1.9.152022-02-24

CVE-2021-26252 [HIGH] CWE-787 CVE-2021-26252: A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx m A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

cvelistv5nvdosv

CVE-2022-0534MEDIUMCVSS 5.5v1.9.15vhtmldoc 1.9.152022-02-09

CVE-2022-0534 [MEDIUM] CWE-125 CVE-2022-0534: A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place i A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

cvelistv5nvdosv

CVE-2021-43579HIGHCVSS 7.8PoC≤ 1.9.132022-01-10

CVE-2021-43579 [HIGH] CWE-787 CVE-2021-43579: A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execut A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

nvdosv

1 / 2Next →