AVG-1773 log

Package htmldoc
Status Fixed
Severity Medium
Type multiple issues
Affected 1.9.11-1
Fixed 1.9.12-1
Current 1.9.18-1 [extra]
Ticket None
Created Mon Apr 5 20:55:49 2021
Issue Severity Remote Type Description
CVE-2021-26948 Low No Denial of service
A null pointer dereference in htmldoc before version 1.9.12 may allow attackers to cause a denial of service via a crafted html file.
CVE-2021-26259 Medium No Arbitrary code execution
A security issue was found in htmldoc before version 1.9.12. A heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution...
CVE-2021-26252 Medium No Arbitrary code execution
A security issue was found in htmldoc before version 1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code...
CVE-2021-23206 Medium No Arbitrary code execution
A security issue was found in htmldoc before version 1.9.12. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and...
CVE-2021-23191 Low No Denial of service
A security issue was found in htmldoc before version 1.9.12. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial...
CVE-2021-23180 Low No Denial of service
A security issue was found in htmldoc before version 1.9.12. A null pointer dereference in file_extension() in file.c may lead to denial of service.
CVE-2021-23165 Medium No Arbitrary code execution
A security issue was found in htmldoc before version 1.9.12. A heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to arbitrary code...
CVE-2021-23158 Medium No Arbitrary code execution
A security issue was found in htmldoc before version 1.9.12. Double- free in function pspdf_export() in ps-pdf.cxx may result in a write- what-where...
CVE-2021-20308 Medium No Arbitrary code execution
Integer overflow in htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.