Bug 1186807 - (CVE-2021-23165) VUL-0: CVE-2021-23165: htmldoc: heap-buffer-overflow in pspdf_prepare_outpages()
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Ruediger Oertel
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/301135/
Reported: 2021-06-03 13:39 UTC by Gianluca Gabrielli
Modified: 2021-06-07 14:53 UTC
Found By: Security Response Team


Description Gianluca Gabrielli 2021-06-03 13:39:55 UTC
A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_outpages() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.

Reference:
https://github.com/michaelrsweet/htmldoc/issues/413

Upstream patch:
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1967014
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23165
Comment 1 Gianluca Gabrielli 2021-06-03 13:41:17 UTC
This bug has the same fix as bsc#1186805 (CVE-2021-26252).

*** This bug has been marked as a duplicate of bug 1186805 ***
Comment 2 Gianluca Gabrielli 2021-06-03 13:57:08 UTC
Please discard my previous message.

Affected packages:
 - SUSE:SLE-11:Update/htmldoc      1.8.27
 - openSUSE:Factory/htmldoc        1.9.11

Upstream patch [0].

[0] https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f.patch
Comment 3 Ruediger Oertel 2021-06-07 14:53:35 UTC
n/a for Factory/TW that already has 1.9.12 including the fix

not on any product for Code12, not in Code15

only maintained in SMT 11 SP3, not planning to fix there.


6e8a95561988500b5b5ae4861b3b0cbf4fba517f is part of 1.9.12