CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27114 – Gentoo Linux Security Advisory 202405-07
https://notcve.org/view.php?id=CVE-2022-27114
09 May 2022 — There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. Se presenta una vulnerabilidad en htmldoc versión 1.9.16. En la función image_load_jpeg image.cxx cuando llama a malloc,"img-)width" e "img-)height" son ... • https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28085 – Gentoo Linux Security Advisory 202405-07
https://notcve.org/view.php?id=CVE-2022-28085
27 Apr 2022 — A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). Se ha encontrado un fallo en el commit 31f7804 de htmldoc. Un desbordamiento del búfer de la pila en la función pdf_write_names en el archivo ps-pdf.cxx puede conllevar a una ejecución de código arbitrario y una Denegación de Servicio (DoS) It was discovered that HTMLDOC incorrectly handled memory in the image_set_mask, git_read_lz... • https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348 • CWE-787: Out-of-bounds Write •