CVE-2021-26259

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HTMLDOC version 1.9.12

Description The issue is related to a heap buffer overflow in the render table row() function, located in the ps-pdf.cxx component of the HTMLDOC tool. This overflow can lead to arbitrary code execution and denial of service, allowing an attacker to access confidential data, compromise its integrity, and disrupt service.

Recommendations For HTMLDOC version 1.9.12, consider disabling the render table row() function in ps-pdf.cxx as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2024-07299

CVE-2021-26259

DLA-2700-1

DSA-4928-1

MGASA-2021-0332

USN-7189-1

Affected Products

Astra Linux

Htmldoc

Linuxmint

Ubuntu

CVE-2021-26259

Weakness Enumeration

Related Identifiers

Affected Products

References · 32