CVE-2021-23191

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions htmldoc versions 1.9.12 and earlier

Description A security issue is found in the image load jpeg() function of the image.cxx component, related to NULL pointer dereference errors. This issue may allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For htmldoc versions 1.9.12 and earlier, consider disabling the image load jpeg() function as a temporary workaround until a patch is available. Restrict access to the image.cxx component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2022-2627

ALT-PU-2022-2729

BDU:2024-07295

CVE-2021-23191

DLA-2700-1

DSA-4928-1

MGASA-2021-0332

USN-7189-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Htmldoc

CVE-2021-23191

Weakness Enumeration

Related Identifiers

Affected Products

References · 35