Unrated severityNVD Advisory· Published May 9, 2022· Updated Aug 3, 2024

CVE-2022-27114

Description

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.

Affected products

Htmldoc/Htmldoccpe-rescue
osv-coords
pkg:rpm/opensuse/htmldoc&distro=openSUSE%20Tumbleweed
Range: < 1.9.15-3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275mitrex_refsource_MISC
github.com/michaelrsweet/htmldoc/issues/471mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2022/05/msg00014.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000