CVE-2022-0534

michaelrsweet/htmldoc

on github

Published

February 9, 2022

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

References

https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9
https://github.com/michaelrsweet/htmldoc/issues/463
https://lists.debian.org/debian-lts-announce/2022/02/msg00022.html

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:htmldoc_project:htmldoc:1.9.15:::::::*	n/a	n/a	1.9.15
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0

External Links

NVD - CVE-2022-0534