CVE-2009-3050

Name of the Vulnerable Software and Affected Versions: HTMLDOC versions 1.8.27 and earlier

Description: The issue allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. It was also reported that there are additional vectors using an AFM font file with a long glyph name in certain files, although these do not cross privilege boundaries.

Recommendations: For HTMLDOC versions 1.8.27 and earlier, consider updating to a newer version to mitigate the risk, although the specific fixed version is not provided. As a temporary workaround, consider restricting the use of the set page size function in util.cxx until a patch is available. Additionally, avoid using AFM font files with long glyph names in htmllib.cxx and ps-pdf.cxx to minimize the risk of exploitation.