CVE-2021-34119 : A flaw was discovered in htmodoc 1.9.12 in function parse

A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.

Published 2023-07-18 14:15:12

Updated 2023-07-27 15:19:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2021-34119

Htmldoc Project » Htmldoc » Version: 1.9.12
cpe:2.3:a:htmldoc_project:htmldoc:1.9.12:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-34119

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-34119

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-34119

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-34119

https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48

Fix another crash bug with bogus data (Issue #431) · michaelrsweet/htmldoc@85fa76d · GitHub
Patch
https://github.com/michaelrsweet/htmldoc/issues/431

Heap-buffer-overflow in function parse_paragraph() in ps-pdf.cxx · Issue #431 · michaelrsweet/htmldoc · GitHub
Exploit;Issue Tracking

Jump to

Vulnerability Details : CVE-2021-34119

Products affected by CVE-2021-34119

Exploit prediction scoring system (EPSS) score for CVE-2021-34119

CVSS scores for CVE-2021-34119

CWE ids for CVE-2021-34119

References for CVE-2021-34119