CVE-2021-26252

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions htmldoc version 1.9.12

Description A flaw in htmldoc may lead to a heap buffer overflow in the pspdf prepare page() function, located in ps-pdf.cxx, potentially allowing an attacker to execute arbitrary code and cause a denial of service. The vulnerability is related to a buffer overflow, which can be exploited to access confidential data, compromise data integrity, and disrupt service.

Recommendations For htmldoc version 1.9.12, consider disabling the pspdf prepare page() function as a temporary workaround until a patch is available. Restrict access to the ps-pdf.cxx component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2024-07298

CVE-2021-26252

DLA-2700-1

DSA-4928-1

MGASA-2021-0332

USN-7189-1

Affected Products

Astra Linux

Linuxmint

Ubuntu

Htmldoc

CVE-2021-26252

Weakness Enumeration

Related Identifiers

Affected Products

References · 33