Bug 1186805 - (CVE-2021-26252) VUL-0: CVE-2021-26252: htmldoc: heap-buffer-overflow in pspdf_prepare_page()
Status: RESOLVED WONTFIX
: CVE-2021-23158 CVE-2021-23191 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Critical
Assigned To: Ruediger Oertel
Security Team bot
https://smash.suse.de/issue/301137/
CVSSv3.1:SUSE:CVE-2021-23158:9.8:(AV:...
Reported: 2021-06-03 13:31 UTC by Gianluca Gabrielli
Modified: 2021-06-07 14:54 UTC (History)
Found By: Security Response Team
Description Gianluca Gabrielli 2021-06-03 13:31:23 UTC
A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page(), in ps-pdf.cxx, may lead to arbitrary code execution and denial of service.

Reference:
https://github.com/michaelrsweet/htmldoc/issues/412

Upstream patch:
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1967009
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26252
Comment 1 Gianluca Gabrielli 2021-06-03 13:32:33 UTC
Affected packages:
 - SUSE:SLE-11:Update/htmldoc      1.8.27
 - openSUSE:Factory/htmldoc        1.9.11

Upstream patch [0].

[0] https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc.patch
Comment 2 Gianluca Gabrielli 2021-06-03 13:41:17 UTC
*** Bug 1186807 has been marked as a duplicate of this bug. ***
Comment 3 Gianluca Gabrielli 2021-06-03 13:47:49 UTC
*** Bug 1186808 has been marked as a duplicate of this bug. ***
Comment 4 Gianluca Gabrielli 2021-06-03 13:51:48 UTC
*** Bug 1186809 has been marked as a duplicate of this bug. ***
Comment 5 Ruediger Oertel 2021-06-07 14:54:23 UTC
n/a for Factory/TW that already has 1.9.12 including the fix

not on any product for Code12, not in Code15

only maintained in SMT 11 SP3, not planning to fix there.

369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc is part of 1.9.12