CVE-2021-23206

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions htmldoc versions 1.9.12 and prior

Description The issue is related to a stack buffer overflow in the parse table() function of the ps-pdf.cxx component. This can lead to arbitrary code execution and denial of service, allowing an attacker to access confidential data, compromise its integrity, and disrupt service.

Recommendations For versions 1.9.12 and prior, update to a version that fixes the stack buffer overflow in the parse table() function. As a temporary workaround, consider restricting access to the parse table() function in ps-pdf.cxx to minimize the risk of exploitation.

Exploit

Fix

DoS

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALT-PU-2022-2627

ALT-PU-2022-2729

BDU:2024-07296

CVE-2021-23206

DLA-2700-1

DSA-4928-1

MGASA-2021-0332

USN-7189-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Ubuntu

Htmldoc

CVE-2021-23206

Weakness Enumeration

Related Identifiers

Affected Products

References · 35