CVE-2021-20308: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
Actually, looks like there is no released version available.
Numerous vulnerabilities fixed in 1.9.12:
- Fixed a crash bug with "data:" URIs and EPUB output (Issue #410)
- Fixed crash bugs for books (Issue #412, Issue #414)
- Fixed a number-up crash bug (Issue #413)
- Fixed JPEG error handling (Issue #415)
- Fixed crash bugs with bogus table attributes (Issue #416, Issue #417)
- Fixed a crash bug with malformed URIs (Issue #418)
- Fixed a crash bug with malformed GIF files (Issue #423)
- Fixed a crash bug with empty titles (Issue #425)
- Fixed crash bugs with bogus text (Issue #426, Issue #429, Issue #430, Issue #431)
- Fixed some issues reported by Coverity.
- Removed the bundled libjpeg, libpng, and zlib.
CVE-2021-40985: Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
More in 1.9.13:
- Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
- Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439)
- Fixed a crash bug with bogus BMP images (Issue #444)
- Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
- Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
CVE-2021-43579: A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-43579
https://github.com/michaelrsweet/htmldoc/issues/456
Fixed in: HTMLDOC 1.9.14 is a bug fix release. Changes include:
- BMP image support is now deprecated and will be removed in a future release of HTMLDOC.
- Fixed a potential stack overflow bug with GIF images.
- Fixed the PDF creation date (Issue #455)
- Fixed a potential stack overflow bug with BMP images (Issue #456)
- Fixed a compile issue when libpng was not available (Issue #458)
More in 1.9.15:
- Fixed a potential heap overflow bug with GIF images (Issue #461)
- Fixed a potential double-free bug with PNG images (Issue #462)
- Fixed a potential stack overflow bug with GIF images (Issue #463)
- Fixed a potential heap underflow bug with empty attributes (Issue #464)
- Fixed a potential stack overflow bug with BMP images (Issue #466)
- Fixed a potential heap overflow bug with the table-of-contents (Issue #467)
- Fixed a potential heap overflow bug with headings (Issue #468)
- Fixed a potential stack overflow bug with GIF images (Issue #470)
CVE-2022-0534 (https://github.com/michaelrsweet/htmldoc/issues/463): A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). Contrary to the CVE description, the patch is in 1.9.15.
CVE-2021-26252 (https://bugzilla.redhat.com/show_bug.cgi?id=1967009): A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVE-2021-23180 (https://ubuntu.com/security/CVE-2021-23180): A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service.
CVE-2021-23191 (https://ubuntu.com/security/CVE-2021-23191): A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
CVE-2021-23206 (https://ubuntu.com/security/CVE-2021-23206): A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
(In reply to John Helmert III from comment #15)
> CVE-2021-23180 (https://ubuntu.com/security/CVE-2021-23180):
>
> A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in file.c may lead to execute arbitrary code and denial of service.
>
> CVE-2021-23191 (https://ubuntu.com/security/CVE-2021-23191):
>
> A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
>
> CVE-2021-23206 (https://ubuntu.com/security/CVE-2021-23206):
>
> A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

https://github.com/michaelrsweet/htmldoc/issues/416
https://github.com/michaelrsweet/htmldoc/issues/418
https://github.com/michaelrsweet/htmldoc/issues/415

Patches are in 1.9.12, contrary to CVE description.
CVE-2021-26259 (https://github.com/michaelrsweet/htmldoc/issues/417): A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(), in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVE-2021-26948 (https://github.com/michaelrsweet/htmldoc/issues/410): Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.
Fixes in 1.9.12.
CVE-2021-23158 (https://github.com/michaelrsweet/htmldoc/issues/414): https://bugzilla.redhat.com/show_bug.cgi?id=1967018 A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
CVE-2021-23165 (https://github.com/michaelrsweet/htmldoc/issues/413): https://bugzilla.redhat.com/show_bug.cgi?id=1967014 A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVE-2022-24191 (https://github.com/michaelrsweet/htmldoc/issues/470): In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
CVE-2022-28085 (https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348): A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVE-2022-27114 (https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275): https://github.com/michaelrsweet/htmldoc/issues/471 There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
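The allocation-size pattern behind CVE-2022-27114, as an added illustration that is not htmldoc's own code: the first function shows how a width*height*depth product computed in 32-bit arithmetic wraps to a too-small value, the second shows the overflow-checked computation a decoder should do before calling malloc. The names unchecked_size32, checked_image_size and alloc_pixels are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Illustrates the bug class: the product is formed in 32-bit arithmetic,
   so oversized dimensions wrap and malloc() gets a tiny request. Computed
   with unsigned int so the wrap itself is well defined for the demo. */
unsigned int unchecked_size32(unsigned int width, unsigned int height,
                              unsigned int depth)
{
    return width * height * depth;  /* wraps silently for large inputs */
}

/* Hardened computation: reject non-positive dimensions, multiply in
   size_t and check each step against SIZE_MAX before it can wrap.
   Returns 1 and stores the byte count in *out, or 0 on any overflow. */
int checked_image_size(int width, int height, int depth, size_t *out)
{
    size_t w, h, d, wh;

    if (width <= 0 || height <= 0 || depth <= 0)
        return 0;                            /* bogus header values */
    w = (size_t)width;
    h = (size_t)height;
    d = (size_t)depth;
    if (w > SIZE_MAX / h)
        return 0;                            /* w * h would wrap */
    wh = w * h;
    if (wh > SIZE_MAX / d)
        return 0;                            /* w * h * d would wrap */
    *out = wh * d;
    return 1;
}

/* Only allocate when the size survived the checks; the caller gets NULL
   instead of an undersized buffer that a later scanline write overruns. */
unsigned char *alloc_pixels(int width, int height, int depth)
{
    size_t n;

    if (!checked_image_size(width, height, depth, &n))
        return NULL;
    return (unsigned char *)malloc(n);
}
```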