rpm package

opensuse/htmldoc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/htmldoc&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-46478	—	< 1.9.18-3.1	1.9.18-3.1	Oct 24, 2024	HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
CVE-2024-45508	—	< 1.9.18-2.1	1.9.18-2.1	Sep 1, 2024	HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
CVE-2022-27114	—	< 1.9.15-3.1	1.9.15-3.1	May 9, 2022	There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause
CVE-2022-28085	—	< 1.9.15-2.1	1.9.15-2.1	Apr 27, 2022	A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVE-2021-43579	—	< 1.9.14-1.1	1.9.14-1.1	Nov 12, 2021	A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
CVE-2021-40985	—	< 1.9.12-2.1	1.9.12-2.1	Nov 3, 2021	A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
CVE-2021-20308	—	< 1.9.12-1.2	1.9.12-1.2	Apr 5, 2021	Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
CVE-2009-3050	—	< 1.8.28-2.4	1.8.28-2.4	Sep 2, 2009	Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using

CVE-2024-46478Oct 24, 2024
affected < 1.9.18-3.1fixed 1.9.18-3.1
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
CVE-2024-45508Sep 1, 2024
affected < 1.9.18-2.1fixed 1.9.18-2.1
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
CVE-2022-27114May 9, 2022
affected < 1.9.15-3.1fixed 1.9.15-3.1
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause
CVE-2022-28085Apr 27, 2022
affected < 1.9.15-2.1fixed 1.9.15-2.1
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVE-2021-43579Nov 12, 2021
affected < 1.9.14-1.1fixed 1.9.14-1.1
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
CVE-2021-40985Nov 3, 2021
affected < 1.9.12-2.1fixed 1.9.12-2.1
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
CVE-2021-20308Apr 5, 2021
affected < 1.9.12-1.2fixed 1.9.12-1.2
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.
CVE-2009-3050Sep 2, 2009
affected < 1.8.28-2.4fixed 1.8.28-2.4
Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using