CVE-2019-19630
on github
Published
Severity
CVSS v3:
7.8 HIGH
CVSS v2:
6.8 MEDIUM
Description
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
References
- https://github.com/michaelrsweet/htmldoc/issues/370
- https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
- https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:htmldoc_project:htmldoc:1.9.7:*:*:*:*:*:*:* | n/a | n/a | 1.9.7 |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | n/a | n/a | 8.0 |
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | n/a | n/a | 9.0 |
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* | n/a | n/a | 30 |
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* | n/a | n/a | 31 |