Bug 780489 (CVE-2021-20308, CVE-2021-40985, CVE-2021-43579) - app-text/htmldoc: multiple vulnerabilities
Summary: app-text/htmldoc: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2021-20308, CVE-2021-40985, CVE-2021-43579
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/michaelrsweet/html...
Whiteboard: B2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-06 01:58 UTC by John Helmert III
Modified: 2022-01-11 03:39 UTC

See Also:
Package list:
Runtime testing required: ---
Description John Helmert III gentoo-dev Security 2021-04-06 01:58:44 UTC
CVE-2021-20308:

Integer overflow in htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
Comment 1 John Helmert III gentoo-dev Security 2021-04-06 21:52:05 UTC
Actually, looks like there is no released version available.
Comment 2 John Helmert III gentoo-dev Security 2021-05-23 03:18:00 UTC
Numerous vulnerabilities fixed in 1.9.12:

    Fixed a crash bug with "data:" URIs and EPUB output (Issue #410)
    Fixed crash bugs for books (Issue #412, Issue #414)
    Fixed a number-up crash bug (Issue #413)
    Fixed JPEG error handling (Issue #415)
    Fixed crash bugs with bogus table attributes (Issue #416, Issue #417)
    Fixed a crash bug with malformed URIs (Issue #418)
    Fixed a crash bug with malformed GIF files (Issue #423)
    Fixed a crash bug with empty titles (Issue #425)
    Fixed crash bugs with bogus text (Issue #426, Issue #429, Issue #430, Issue #431)
    Fixed some issues reported by Coverity.
    Removed the bundled libjpeg, libpng, and zlib.
Comment 8 NATTkA bot gentoo-dev 2021-07-29 18:12:01 UTC
Package list is empty or all packages have requested keywords.
Comment 9 John Helmert III gentoo-dev Security 2021-11-03 19:18:00 UTC
CVE-2021-40985:

Buffer overflow vulnerability in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
Comment 10 John Helmert III gentoo-dev Security 2021-11-05 20:17:26 UTC
More in 1.9.13:

- Fixed an issue with large values for roman numerals and letters in headings (Issue #433)
- Fixed a crash bug when a HTML comment contains an invalid nul character (Issue #439)
- Fixed a crash bug with bogus BMP images (Issue #444)
- Fixed a potential heap overflow bug with bogus GIF images (Issue #451)
- Fixed a potential stack overflow bug with bogus BMP images (Issue #453)
Comment 11 filip ambroz 2022-01-10 17:51:59 UTC
CVE-2021-43579

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-43579
https://github.com/michaelrsweet/htmldoc/issues/456

Fixed in:
HTMLDOC 1.9.14 is a bug fix release. Changes include:

    BMP image support is now deprecated and will be removed in a future release of HTMLDOC.
    Fixed a potential stack overflow bug with GIF images.
    Fixed the PDF creation date (Issue #455)
    Fixed a potential stack overflow bug with BMP images (Issue #456)
    Fixed a compile issue when libpng was not available (Issue #458)
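The BMP entries in this thread (the buffer overflow and the stack-based overflow in image_load_bmp(), and the integer-overflow CVE in the description) are the classes of defect a loader avoids by validating every header field before it sizes or fills a buffer. The following is an added example written for this page, not htmldoc's code and not a reconstruction of its fix: a stand-alone C parser for the standard 14-byte BITMAPFILEHEADER plus 40-byte BITMAPINFOHEADER that rejects oversized palette counts, negative or wrapping dimensions, and pixel-data offsets that point inside the headers. The bmp_* names, the BMP_MAX_PIXELS policy cap, and the constructed headers produced by bmp_make_header are assumptions of the example; the field offsets are those of the BMP format itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not htmldoc's code). BMP_MAX_PIXELS is a policy cap chosen
 * for this example; BMP_MAX_PALETTE is the largest palette the format allows. */
#define BMP_MAX_PALETTE 256u
#define BMP_MAX_PIXELS  (64u * 1024u * 1024u)

enum bmp_status {
    BMP_OK = 0,
    BMP_ERR_SHORT,       /* buffer shorter than the two headers */
    BMP_ERR_MAGIC,       /* missing "BM" signature */
    BMP_ERR_HEADER,      /* unsupported or inconsistent info header */
    BMP_ERR_DIMENSIONS,  /* zero, negative or oversized image */
    BMP_ERR_PALETTE,     /* more colours than the bit depth allows */
    BMP_ERR_OFFSET       /* pixel data offset inside the headers or past EOF */
};

struct bmp_info {
    uint32_t width, height;  /* validated; height stored as an absolute value */
    uint16_t bpp;
    uint32_t colors;         /* palette entries present after the info header */
    size_t row_bytes;        /* stride, rounded up to a 4-byte boundary */
    size_t pixel_bytes;      /* row_bytes * height, overflow-checked */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

enum bmp_status bmp_parse_header(const uint8_t *buf, size_t len, struct bmp_info *out)
{
    if (len < 54) return BMP_ERR_SHORT;
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_ERR_MAGIC;

    uint32_t data_offset = rd32(buf + 10);
    uint32_t info_size   = rd32(buf + 14);
    int32_t  width       = (int32_t)rd32(buf + 18);
    int32_t  height      = (int32_t)rd32(buf + 22);   /* negative = top-down rows */
    uint16_t planes      = rd16(buf + 26);
    uint16_t bpp         = rd16(buf + 28);
    uint32_t compression = rd32(buf + 30);            /* 0 = BI_RGB, the only kind handled here */
    uint32_t colors_used = rd32(buf + 46);

    if (info_size < 40 || info_size > len - 14 || planes != 1 || compression != 0)
        return BMP_ERR_HEADER;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32)
        return BMP_ERR_HEADER;

    /* INT32_MIN has no positive counterpart, so negating it would overflow. */
    if (width <= 0 || height == 0 || height == INT32_MIN) return BMP_ERR_DIMENSIONS;
    uint32_t w = (uint32_t)width;
    uint32_t h = (uint32_t)(height < 0 ? -height : height);
    if ((uint64_t)w * h > BMP_MAX_PIXELS) return BMP_ERR_DIMENSIONS;

    /* A loader that copies colors_used entries into a fixed palette[256][4]
     * without this bound is the textbook stack overflow; check it first. */
    uint32_t max_colors = bpp <= 8 ? (1u << bpp) : BMP_MAX_PALETTE;
    uint32_t colors = (colors_used == 0 && bpp <= 8) ? max_colors : colors_used;
    if (colors > max_colors) return BMP_ERR_PALETTE;

    uint64_t palette_end = 14 + (uint64_t)info_size + 4ull * colors;
    if (data_offset < palette_end || data_offset > len) return BMP_ERR_OFFSET;

    /* Stride in 64 bits so w * bpp cannot wrap; the pixel cap above keeps
     * stride * h far below SIZE_MAX before it is narrowed. */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;
    uint64_t pixel_bytes = stride * h;

    if (out) {
        out->width = w; out->height = h; out->bpp = bpp; out->colors = colors;
        out->row_bytes = (size_t)stride; out->pixel_bytes = (size_t)pixel_bytes;
    }
    return BMP_OK;
}

/* Constructed test input, not a real file: a minimal BI_RGB header with the
 * given fields. buf must hold 54 + 4 * BMP_MAX_PALETTE bytes. */
size_t bmp_make_header(uint8_t *buf, int32_t width, int32_t height, uint16_t bpp, uint32_t colors_used)
{
    uint32_t palette = colors_used <= BMP_MAX_PALETTE ? colors_used : 0;
    size_t len = 54 + 4 * (size_t)palette;
    memset(buf, 0, len);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)len);
    wr32(buf + 10, 54 + 4 * palette);   /* pixel data begins after the palette */
    wr32(buf + 14, 40);
    wr32(buf + 18, (uint32_t)width);
    wr32(buf + 22, (uint32_t)height);
    wr16(buf + 26, 1);
    wr16(buf + 28, bpp);
    wr32(buf + 46, colors_used);
    return len;
}

/* Build a header from the fields and parse it in one call. */
enum bmp_status bmp_check(int32_t width, int32_t height, uint16_t bpp, uint32_t colors_used, struct bmp_info *out)
{
    uint8_t buf[54 + 4 * BMP_MAX_PALETTE];
    size_t len = bmp_make_header(buf, width, height, bpp, colors_used);
    return bmp_parse_header(buf, len, out);
}

/* Pixel buffer size the caller would allocate, or 0 if the header is rejected. */
size_t bmp_check_size(int32_t width, int32_t height, uint16_t bpp, uint32_t colors_used)
{
    struct bmp_info info;
    return bmp_check(width, height, bpp, colors_used, &info) == BMP_OK ? info.pixel_bytes : 0;
}

int main(void)
{
    printf("2x2 24bpp: status %d, %zu pixel bytes\n", bmp_check(2, 2, 24, 0, NULL), bmp_check_size(2, 2, 24, 0));
    printf("8bpp claiming 0x7fffffff colours: status %d\n", bmp_check(2, 2, 8, 0x7fffffffu, NULL));
    printf("65536x65536 32bpp: status %d\n", bmp_check(65536, 65536, 32, 0, NULL));
    return 0;
}
```

The two rejections printed by main are the interesting ones: a palette count that no bit depth can justify, and a width/height pair whose 32-bit byte product wraps to zero even though each field looks harmless on its own. Everything the parser reports in bmp_info is derived from values that have already passed those checks, so a caller can size its buffers from it without re-validating.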