CVE-2022-27114

michaelrsweet/htmldoc

on github

Published

May 9, 2022

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.

References

https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275
https://github.com/michaelrsweet/htmldoc/issues/471
https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:htmldoc_project:htmldoc:1.9.16:::::::*	n/a	n/a	1.9.16
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0

External Links

NVD - CVE-2022-27114