PT-2019-6156 · Htmldoc+2 · Htmldoc+2

Fcambus

Publicado

2019-12-08

Atualizado

2023-02-01

CVE-2019-19630

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions htmldoc version 1.9.7

Description The issue is related to a buffer overflow in the hd strlcpy() function, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. This can occur when a crafted HTML document is processed.

Recommendations For htmldoc version 1.9.7, consider disabling the hd strlcpy() function as a temporary workaround until a patch is available. Restrict access to the render contents function in ps-pdf.cxx to minimize the risk of exploitation. Avoid using crafted HTML documents that can trigger the buffer overflow in the hd strlcpy() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

BDU:2022-00272

CVE-2019-19630

DLA-2026-1

DLA-2700-1

MGASA-2019-0403

SUSE-SU-2022:14898-1

USN-4696-1

Produtos afetados

Astra Linux

Ubuntu

Htmldoc

PT-2019-6156 · Htmldoc+2 · Htmldoc+2

CVE-2019-19630

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33