CVE-2022-24191

michaelrsweet/htmldoc

on github

Published

April 4, 2022

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

References

https://github.com/michaelrsweet/htmldoc/issues/470
https://lists.fedoraproject.org/archives/list/[email protected]/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:htmldoc_project:htmldoc::::::::	n/a	1.9.15	*
cpe:2.3:o:fedoraproject:fedora:34:::::::*	n/a	n/a	34

External Links

NVD - CVE-2022-24191