PT-2019-6156 · Htmldoc+2 · Htmldoc+2
Fcambus
·
Published
2019-12-08
·
Updated
2023-02-01
·
CVE-2019-19630
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
htmldoc version 1.9.7
Description
The issue is related to a buffer overflow in the
hd strlcpy() function, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. This can occur when a crafted HTML document is processed.Recommendations
For htmldoc version 1.9.7, consider disabling the
hd strlcpy() function as a temporary workaround until a patch is available. Restrict access to the render contents function in ps-pdf.cxx to minimize the risk of exploitation. Avoid using crafted HTML documents that can trigger the buffer overflow in the hd strlcpy() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Ubuntu
Htmldoc