Voiddy-Devo

**Name of the Vulnerable Software and Affected Versions** HTMLDOC version 1.9.14 **Description** The issue is caused by an infinite loop in the `gif read lzw` function, which can lead to a pointer arbitrarily pointing to heap memory, resulting in a buffer overflow. **Recommendations** For HTMLDOC version 1.9.14, consider disabling the `gif read lzw` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HTMLDOC versions prior to 1.9.14 **Description** A stack-based buffer overflow in the `image load bmp()` function results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. **Recommendations** For versions prior to 1.9.14, update to version 1.9.14 or later to resolve the issue.