| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | <app-text/htmldoc-1.9.16: multiple vulnerabilities | | |
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | maintainer-needed |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/michaelrsweet/htmldoc/releases/tag/v1.9.12 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 886677 | | |
| Bug Blocks: | | | |
Description

John Helmert III
2021-04-06 01:58:44 UTC

Actually, looks like there is no released version available.

Numerous vulnerabilities fixed in 1.9.12:

- Fixed a crash bug with "data:" URIs and EPUB output (Issue #410)
- Fixed crash bugs for books (Issue #412, Issue #414)
- Fixed a number-up crash bug (Issue #413)
- Fixed JPEG error handling (Issue #415)
- Fixed crash bugs with bogus table attributes (Issue #416, Issue #417)
- Fixed a crash bug with malformed URIs (Issue #418)
- Fixed a crash bug with malformed GIF files (Issue #423)
- Fixed a crash bug with empty titles (Issue #425)
- Fixed crash bugs with bogus text (Issue #426, Issue #429, Issue #430, Issue #431)
- Fixed some issues reported by Coverity.
- Removed the bundled libjpeg, libpng, and zlib.

Package list is empty or all packages have requested keywords.

CVE-2021-40985: Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.

More in 1.9.13:

- Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
- Fixed a crash bug when an HTML comment contains an invalid nul character (Issue #439)
- Fixed a crash bug with bogus BMP images (Issue #444)
- Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
- Fixed a potential stack overflow bug with bogus BMP images (Issue #453)

CVE-2021-43579: A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-43579
https://github.com/michaelrsweet/htmldoc/issues/456

Fixed in: HTMLDOC 1.9.14 is a bug fix release. Changes include:

- BMP image support is now deprecated and will be removed in a future release of HTMLDOC.
- Fixed a potential stack overflow bug with GIF images.
- Fixed the PDF creation date (Issue #455)
- Fixed a potential stack overflow bug with BMP images (Issue #456)
- Fixed a compile issue when libpng was not available (Issue #458)

More in 1.9.15:

- Fixed a potential heap overflow bug with GIF images (Issue #461)
- Fixed a potential double-free bug with PNG images (Issue #462)
- Fixed a potential stack overflow bug with GIF images (Issue #463)
- Fixed a potential heap underflow bug with empty attributes (Issue #464)
- Fixed a potential stack overflow bug with BMP images (Issue #466)
- Fixed a potential heap overflow bug with the table-of-contents (Issue #467)
- Fixed a potential heap overflow bug with headings (Issue #468)
- Fixed a potential stack overflow bug with GIF images (Issue #470)

CVE-2022-0534 (https://github.com/michaelrsweet/htmldoc/issues/463): A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

Contrary to the CVE description, the patch is in 1.9.15.

CVE-2021-26252 (https://bugzilla.redhat.com/show_bug.cgi?id=1967009): A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

CVE-2021-23180 (https://ubuntu.com/security/CVE-2021-23180): A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service.

CVE-2021-23191 (https://ubuntu.com/security/CVE-2021-23191): A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.

CVE-2021-23206 (https://ubuntu.com/security/CVE-2021-23206): A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

(In reply to John Helmert III from comment #15)
> CVE-2021-23180 (https://ubuntu.com/security/CVE-2021-23180):
>
> A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference
> in file_extension(), in file.c may lead to execute arbitrary code and denial
> of service.
>
> CVE-2021-23191 (https://ubuntu.com/security/CVE-2021-23191):
>
> A security issue was found in htmldoc v1.9.12 and before. A NULL pointer
> dereference in the function image_load_jpeg() in image.cxx may result in
> denial of service.
>
> CVE-2021-23206 (https://ubuntu.com/security/CVE-2021-23206):
>
> A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in
> parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of
> service.

https://github.com/michaelrsweet/htmldoc/issues/416
https://github.com/michaelrsweet/htmldoc/issues/418
https://github.com/michaelrsweet/htmldoc/issues/415

Patches are in 1.9.12, contrary to CVE description.

CVE-2021-26259 (https://github.com/michaelrsweet/htmldoc/issues/417): A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(), in ps-pdf.cxx may lead to arbitrary code execution and denial of service.

CVE-2021-26948 (https://github.com/michaelrsweet/htmldoc/issues/410): Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.

Fixes in 1.9.12.

CVE-2021-23158 (https://github.com/michaelrsweet/htmldoc/issues/414):
https://bugzilla.redhat.com/show_bug.cgi?id=1967018
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.

CVE-2021-23165 (https://github.com/michaelrsweet/htmldoc/issues/413):
https://bugzilla.redhat.com/show_bug.cgi?id=1967014
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

CVE-2022-24191 (https://github.com/michaelrsweet/htmldoc/issues/470): In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

CVE-2022-28085 (https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348): A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).

CVE-2022-27114 (https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275):
https://github.com/michaelrsweet/htmldoc/issues/471
There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/address boundary error in the jpeg_read_scanlines function.

1.9.16 released with new batch of security fixes:

- Fixed a potential image overflow bug with JPEG and PNG images (Issue #471)
- Fixed potential heap overflow bugs with pages (Issue #477, Issue #478, Issue #480, Issue #482, Issue #483)
- Fixed potential use-after-free in blocks (Issue #484)

CVE-2022-34033 (https://github.com/michaelrsweet/htmldoc/issues/425): HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.

CVE-2022-34035 (https://github.com/michaelrsweet/htmldoc/issues/426): HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.

Patches in 1.9.12, despite CVE descriptions.

CVE-2021-33235 (https://github.com/michaelrsweet/htmldoc/issues/426): Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 allows attackers to cause a denial of service via htmldoc/htmldoc/html.cxx:588.

CVE-2021-33236 (https://github.com/michaelrsweet/htmldoc/issues/425): Buffer Overflow vulnerability in write_header in htmldoc through 1.9.11 allows attackers to cause a denial of service via /htmldoc/htmldoc/html.cxx:273.

CVE-2022-0137 (https://github.com/michaelrsweet/htmldoc/issues/461): A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.

Patch (indeed in 1.9.15): https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=220a34fb87577682cf03af955c65fc977a7d17db

commit 220a34fb87577682cf03af955c65fc977a7d17db
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-11-16 17:19:27 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-11-16 17:23:23 +0000

app-text/htmldoc: add 1.9.16

Bug: https://bugs.gentoo.org/780489
Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-text/htmldoc/Manifest              |  1 +
 app-text/htmldoc/htmldoc-1.9.16.ebuild | 52 ++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f15611a577733c7d7c422d28d77eaf568f2afefd

commit f15611a577733c7d7c422d28d77eaf568f2afefd
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-12-18 22:40:40 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:48:01 +0000

app-text/htmldoc: drop 1.9.11-r1

Bug: https://bugs.gentoo.org/780489
Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-text/htmldoc/Manifest                 |  1 -
 app-text/htmldoc/htmldoc-1.9.11-r1.ebuild | 58 -------------------------------
 2 files changed, 59 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a3a3a230619365c2e79d56731688552d0c01130f

commit a3a3a230619365c2e79d56731688552d0c01130f
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 08:44:19 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 08:44:42 +0000

[ GLSA 202405-07 ] HTMLDOC: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/780489
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-07.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
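The allocation-size integer overflow described for CVE-2022-27114 in the comments above (a width * height * depth product that wraps before it reaches malloc, after which the scanline decoder writes past the too-small heap block) is a general pattern in image loaders. The following is an added example and is not HTMLDOC's code nor part of this bug report: a hypothetical image loader showing the unchecked size computation beside an overflow-checked one. The struct-free function names, the `depth` parameter, the 256 MiB policy cap and the 65536 x 65537 header values are assumptions; the vulnerable product is modelled in 32-bit unsigned arithmetic so the wraparound is deterministic rather than the undefined signed overflow the real code would hit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on decoded pixel data (an assumption, not an
 * HTMLDOC setting). Anything larger is rejected before allocation. */
#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024)

/* Vulnerable pattern: width * height * depth evaluated in 32-bit
 * arithmetic. For large dimensions the product wraps modulo 2^32, so
 * the value handed to malloc() is far smaller than the decoder needs.
 * (uint32_t is used here so the wrap is well-defined and reproducible;
 * with int it would be undefined behaviour.) */
static uint32_t unchecked_pixel_bytes(uint32_t width, uint32_t height,
                                      uint32_t depth)
{
    return width * height * depth;
}

/* Bytes a row-by-row decoder actually writes for these dimensions,
 * computed in 64 bits so nothing wraps. */
static uint64_t bytes_decoder_writes(uint32_t width, uint32_t height,
                                     uint32_t depth)
{
    return (uint64_t)width * height * depth;
}

/* Returns 1 if the unchecked allocation is smaller than what the decoder
 * writes, i.e. the scanline loop would overrun the heap block. */
static int unchecked_alloc_overruns(uint32_t width, uint32_t height,
                                    uint32_t depth)
{
    return bytes_decoder_writes(width, height, depth)
           > (uint64_t)unchecked_pixel_bytes(width, height, depth);
}

/* Hardened pattern: each multiplication is checked against SIZE_MAX
 * before it is performed, zero or absurd inputs are rejected, and the
 * result is bounded by the policy cap. Returns 0 on success, -1 on
 * rejection; *out is written only on success. */
static int checked_pixel_bytes(uint32_t width, uint32_t height,
                               uint32_t depth, size_t *out)
{
    if (width == 0 || height == 0 || depth == 0 || depth > 4)
        return -1;
    if ((size_t)height > SIZE_MAX / (size_t)width)
        return -1;                       /* width * height would overflow */
    size_t pixels = (size_t)width * (size_t)height;
    if ((size_t)depth > SIZE_MAX / pixels)
        return -1;                       /* pixels * depth would overflow */
    size_t total = pixels * (size_t)depth;
    if (total > MAX_PIXEL_BYTES)
        return -1;                       /* representable, but over policy */
    *out = total;
    return 0;
}

/* Allocates the pixel buffer only after the size has been validated.
 * The caller owns the returned buffer; NULL means the image was rejected
 * (or calloc failed). */
static unsigned char *alloc_pixels_checked(uint32_t width, uint32_t height,
                                           uint32_t depth, size_t *out_len)
{
    size_t n;
    if (checked_pixel_bytes(width, height, depth, &n) != 0)
        return NULL;
    unsigned char *p = calloc(n, 1);
    if (p == NULL)
        return NULL;
    if (out_len)
        *out_len = n;
    return p;
}

int main(void)
{
    /* Constructed header values: 65536 x 65537, 1 byte per pixel. The true
     * size is 2^32 + 65536 bytes; the 32-bit product wraps to 65536. */
    uint32_t w = 65536, h = 65537, d = 1;
    printf("unchecked malloc size: %u bytes\n", unchecked_pixel_bytes(w, h, d));
    printf("decoder would write:   %llu bytes\n",
           (unsigned long long)bytes_decoder_writes(w, h, d));
    printf("heap overrun: %s\n", unchecked_alloc_overruns(w, h, d) ? "yes" : "no");

    size_t n = 0;
    unsigned char *px = alloc_pixels_checked(w, h, d, &n);
    printf("checked loader: %s\n", px ? "accepted" : "rejected");
    free(px);

    /* An ordinary 640x480 RGB image passes the checked path. */
    px = alloc_pixels_checked(640, 480, 3, &n);
    printf("640x480x3: %s, %zu bytes\n", px ? "accepted" : "rejected", n);
    free(px);
    return 0;
}
```

The division-based checks are portable C; on GCC and Clang `__builtin_mul_overflow` expresses the same test in one call. The policy cap matters independently of the overflow check: a product that fits in `size_t` can still be large enough to exhaust memory on a document converter fed untrusted images.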