Unrated severity · NVD Advisory · Published Nov 12, 2021 · Updated Aug 4, 2024
CVE-2021-43579
Description
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
Affected products
- HTMLDOC/HTMLDOC (description)
- osv-coords (2 versions): pkg:rpm/opensuse/htmldoc&distro=openSUSE%20Tumbleweed, pkg:rpm/suse/htmldoc&distro=Subscription%20Management%20Tool%2011%20SP3; range: < 1.9.14-1.1 (+ 1 more)
- (no CPE) range: < 1.9.14-1.1
- (no CPE) range: < 1.8.27-170.4.6.1
Patches
No patches discovered yet.
References
- github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (mitre, x_refsource_MISC)
- github.com/michaelrsweet/htmldoc/compare/v1.9.12...v1.9.13 (mitre, x_refsource_MISC)
- github.com/michaelrsweet/htmldoc/issues/453 (mitre, x_refsource_MISC)
- github.com/michaelrsweet/htmldoc/issues/456 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2022/02/msg00022.html (mitre, mailing-list, x_refsource_MLIST)