PT-2022-11288 · Glibc+3

Untaman · Published 2021-09-07 · Updated 2025-09-04 · CVE-2021-40647

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

man2html version 1.6g
GLIBC versions prior to 2.29

Description

A specific string read from a file can overwrite the size parameter in the top chunk of the heap, causing a segmentation abort if the heap size parameter is not aligned correctly. In GLIBC versions before 2.29, when the size parameter is aligned correctly, this allows an arbitrary write anywhere in the program's memory.

Recommendations

For man2html version 1.6g, consider updating to a version that uses GLIBC version 2.29 or later to mitigate the risk. For GLIBC versions prior to 2.29, as a temporary workaround, consider restricting access to files that could contain the specific string until a patch is available.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-11258
CVE-2021-40647
MGASA-2025-0097

Affected Products

Debian
Glibc
Red Os
Man2Html