Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
Actually, looks like there is no released version available.
Numerous vulnerabilities fixed in 1.9.12:
Fixed a crash bug with "data:" URIs and EPUB output (Issue #410)
Fixed crash bugs for books (Issue #412, Issue #414)
Fixed a number-up crash bug (Issue #413)
Fixed JPEG error handling (Issue #415)
Fixed crash bugs with bogus table attributes (Issue #416, Issue #417)
Fixed a crash bug with malformed URIs (Issue #418)
Fixed a crash bug with malformed GIF files (Issue #423)
Fixed a crash bug with empty titles (Issue #425)
Fixed crash bugs with bogus text (Issue #426, Issue #429, Issue #430,
Fixed some issues reported by Coverity.
Removed the bundled libjpeg, libpng, and zlib.
Package list is empty or all packages have requested keywords.
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
More in 1.9.13:
- Fixed an issue with large values for roman numerals and letters in headings
- Fixed a crash bug when a HTML comment contains an invalid nul character
- Fixed a crash bug with bogus BMP images (Issue #444)
- Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
- Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
HTMLDOC 1.9.14 is a bug fix release. Changes include:
BMP image support is now deprecated and will be removed in a future
release of HTMLDOC.
Fixed a potential stack overflow bug with GIF images.
Fixed the PDF creation date (Issue #455)
Fixed a potential stack overflow bug with BMP images (Issue #456)
Fixed a compile issue when libpng was not available (Issue #458)