Multiple vulnerabilities in HTMLDOC
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-26948 CVE-2021-26259 CVE-2021-26252 CVE-2021-23206 CVE-2021-23191 CVE-2021-23180 CVE-2021-23165 CVE-2021-23158 |
| CWE-ID | CWE-20 CWE-122 CWE-121 CWE-415 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
HTMLDOC Web applications / Modules and components for CMS |
| Vendor | Michael R Sweet |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU54041
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-26948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted URI to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
https://github.com/michaelrsweet/htmldoc/issues/410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU54040
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-26259
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the render_table_row() function in ps-pdf.cxx. A remote attacker can pass specially crafted JPEG image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
https://github.com/michaelrsweet/htmldoc/issues/417
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU54039
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-26252
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the pspdf_prepare_page() function ps-pdf.cxx. A remote attacker can pass specially crafted JPEG image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/issues/412
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Stack-based buffer overflow
EUVDB-ID: #VU54038
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-23206
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing table attributes in parse_table() function in ps-pdf.cxx. A remote unauthenticated attacker can pass specially crafted data to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
https://github.com/michaelrsweet/htmldoc/issues/416
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU54037
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-23191
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted JPEG image to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
https://github.com/michaelrsweet/htmldoc/issues/415
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU54036
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-23180
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the file_extension() function in file.c. A remote attacker can pass specially crafted URI to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
https://github.com/michaelrsweet/htmldoc/issues/418
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU54035
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-23165
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the pspdf_prepare_outpages() function in ps-pdf.cxx. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and crash the library.
Install updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/issues/413
https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double Free
EUVDB-ID: #VU54034
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-23158
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the pspdf_export(0 function in ps-pdf.cxx when processing JPEG images. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHTMLDOC: 1.9 - 1.9.11
CPE2.3- cpe:2.3:a:michael_r_sweet:htmldoc:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:michael_r_sweet:htmldoc:1.9.2:*:*:*:*:*:*:*
https://github.com/michaelrsweet/htmldoc/issues/414
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
