CVE-2021-23180

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions htmldoc versions 1.9.12 and earlier

Description The issue is related to a null pointer dereference in the file extension() function, located in the file.c component of the htmldoc tool. This can lead to arbitrary code execution and denial of service, allowing an attacker to access confidential data, compromise its integrity, and disrupt service.

Recommendations For versions 1.9.12 and earlier, update to a version that fixes the null pointer dereference issue in the file extension() function. As a temporary workaround, consider restricting access to the file extension() function in the file.c component to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2022-2627

ALT-PU-2022-2729

BDU:2024-07294

CVE-2021-23180

DLA-2700-1

DSA-4928-1

MGASA-2021-0332

USN-5198-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Htmldoc

CVE-2021-23180

Weakness Enumeration

Related Identifiers

Affected Products

References · 25