Описание
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.9.16-1 |
| esm-apps/bionic | released | 1.9.2-1ubuntu0.2+esm2 |
| esm-apps/focal | released | 1.9.7-1ubuntu0.3+esm2 |
| esm-apps/jammy | released | 1.9.15-1ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | 1.9.16-1 |
| esm-apps/xenial | released | 1.8.27-8ubuntu1.1+esm3 |
| esm-infra-legacy/trusty | released | 1.8.27-8ubuntu1+esm4 |
| focal | ignored | end of standard support, was needed |
| impish | ignored | end of life |
Показывать по
4.3 Medium
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg functio ...
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
4.3 Medium
CVSS2
5.5 Medium
CVSS3