CVE-2024-45508

Опубликовано: 01 сент. 2024

Источник: debian

Описание

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
htmldoc	fixed	1.9.18-2		package
htmldoc	no-dsa		bookworm	package
htmldoc	postponed		bullseye	package

Примечания

https://github.com/michaelrsweet/htmldoc/issues/528
https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2
in issue #528 a regression was mentioned that should be fixed by:
https://github.com/michaelrsweet/htmldoc/commit/aaffa753c0dfe1b82a43051847f77c582e32a235
but this commit is basically a revert of the initial fix
attention: in version 1.9.19 a new string pool was introduced

Связанные уязвимости

CVE-2024-45508

CVSS3: 9.8

ubuntu

больше 1 года назад

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

CVE-2024-45508

CVSS3: 9.8

nvd

больше 1 года назад

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

openSUSE-SU-2024:0304-1

suse-cvrf

больше 1 года назад

Security update for htmldoc

openSUSE-SU-2024:0303-1

suse-cvrf

больше 1 года назад

Security update for htmldoc

GHSA-jmwj-mmwj-qm9h

CVSS3: 9.8

github

больше 1 года назад

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.