CVE-2021-40648

Name of the Vulnerable Software and Affected Versions man2html version 1.6g

Description The issue allows a filename to be created that overwrites the previous size parameter of the next chunk and the fd, bk, fd nextsize, bk nextsize of the current chunk. This results in the freeing of an arbitrary amount of memory when the next chunk is freed later on.

Recommendations For man2html version 1.6g, consider updating to a newer version that addresses this issue, as the current version allows for the creation of a malicious filename that can cause memory corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.