Glibc · CVE-2021-40647
**Name of the Vulnerable Software and Affected Versions**
man2html version 1.6g
GLIBC versions prior to 2.29
**Description**
A specific string read from a file can overwrite the size field of the heap's top chunk. If the overwritten size is not aligned correctly, the program terminates with a segmentation abort. In GLIBC versions before 2.29, when the size is aligned correctly, the overwrite allows an arbitrary write anywhere in the program's memory.
**Recommendations**
For man2html version 1.6g, consider updating to a version that uses GLIBC version 2.29 or later to mitigate the risk.
For GLIBC versions prior to 2.29, as a temporary workaround, consider restricting access to files that could contain the specific string, until a patch is available.
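To apply the 2.29 threshold above when auditing a host, the following added example (not part of the advisory or of either project) reports whether the glibc a process is running against falls in the affected range. The function names `parse_field` and `glibc_version_is_affected` are hypothetical; `gnu_get_libc_version()` is glibc's own call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

/* First glibc release the advisory lists as outside the affected range. */
#define FIXED_MAJOR 2
#define FIXED_MINOR 29

/* Parse one non-negative decimal field and advance *p; 0 on success. */
static int parse_field(const char **p, long *out)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    *out = strtol(*p, &end, 10);
    if (errno != 0 || *out > 100000) return -1;
    *p = end;
    return 0;
}

/* 1 if "major.minor[suffix]" is older than 2.29, 0 if not, -1 if unparseable.
 * Fields compare as numbers, so "2.9" is older than "2.29". */
int glibc_version_is_affected(const char *ver)
{
    long major, minor;
    if (ver == NULL || parse_field(&ver, &major) != 0 || *ver != '.') return -1;
    ver++;
    if (parse_field(&ver, &minor) != 0) return -1;
    if (*ver != '\0' && *ver != '.' && *ver != '-' && *ver != '+') return -1;
    if (major != FIXED_MAJOR) return major < FIXED_MAJOR;
    return minor < FIXED_MINOR;
}

int main(void)
{
#ifdef __GLIBC__
    const char *ver = gnu_get_libc_version();
    int r = glibc_version_is_affected(ver);
    printf("glibc %s: %s\n", ver, r == 1 ? "older than 2.29 (affected range)"
           : r == 0 ? "2.29 or later" : "unrecognised version string");
    return r == 0 ? 0 : 1;
#else
    puts("not built against glibc");
    return 0;
#endif
}
```

The result describes the glibc loaded by this checker; a statically linked binary carries its own copy of the allocator and has to be checked separately.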