Bug 1195758 - (CVE-2022-0534) VUL-0: CVE-2022-0534: htmldoc: stack out-of-bounds read in gif_get_code() when opening a malicious GIF file results in a segmentation fault
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/323313/
CVSSv3.1:SUSE:CVE-2022-0534:6.1:(AV:L...
Reported: 2022-02-10 08:00 UTC by Carlos López
Modified: 2022-06-10 09:05 UTC

Found By: Security Response Team

Description Carlos López 2022-02-10 08:00:41 UTC
CVE-2022-0534

A vulnerability was found in htmldoc version 1.9.15 where the stack
out-of-bounds read takes place in gif_get_code() and occurs when opening a
malicious GIF file, which can result in a crash (segmentation fault).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0534
https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9
https://github.com/michaelrsweet/htmldoc/issues/463
Comment 1 Carlos López 2022-02-10 08:01:59 UTC
Affected:  
 - SUSE:SLE-11:Update
 - openSUSE:Backports:SLE-15-SP3
 - openSUSE:Backports:SLE-15-SP4
 - openSUSE:Factory
Comment 2 Petr Gajdos 2022-02-10 11:23:59 UTC
Submitted into devel project.
Comment 4 Petr Gajdos 2022-02-10 12:39:50 UTC
Submitted for: B15sp3, B12sp1, 11.

Submission missing for B15sp4, waiting for
https://build.opensuse.org/request/show/953153
to be accepted.
Comment 5 OBSbugzilla Bot 2022-02-10 13:10:08 UTC
This is an autogenerated message for OBS integration:
This bug (1195758) was mentioned in
https://build.opensuse.org/request/show/953162 Backports:SLE-15-SP3 / htmldoc
https://build.opensuse.org/request/show/953169 Backports:SLE-12-SP1 / htmldoc
Comment 6 Petr Gajdos 2022-02-10 14:10:17 UTC
Tumbleweed version submitted into B15sp4.
Comment 7 OBSbugzilla Bot 2022-02-10 14:30:09 UTC
This is an autogenerated message for OBS integration:
This bug (1195758) was mentioned in
https://build.opensuse.org/request/show/953225 Backports:SLE-15-SP3 / htmldoc
https://build.opensuse.org/request/show/953226 Backports:SLE-12-SP1 / htmldoc
Comment 9 Petr Gajdos 2022-02-14 09:22:44 UTC
I believe all fixed (or waiting for review). Feel free to let me know in case something else is needed.
Comment 10 Swamp Workflow Management 2022-02-17 23:17:56 UTC
openSUSE-SU-2022:0043-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1178561,1190515,1192357,1194178,1194487,1195758
CVE References: CVE-2021-3997,CVE-2021-40985,CVE-2021-43579,CVE-2022-0534
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    systemd-246.16-7.33.1
openSUSE Backports SLE-15-SP3 (src):    htmldoc-1.9.12-bp153.2.6.1
Comment 11 Swamp Workflow Management 2022-02-28 17:19:05 UTC
SUSE-SU-2022:14898-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1158802,1184424,1195758
CVE References: CVE-2019-19630,CVE-2021-20308,CVE-2022-0534
JIRA References: 
Sources used:
Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (src):    htmldoc-1.8.27-170.4.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-03-21 20:20:53 UTC
openSUSE-SU-2022:0088-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1192357,1194303,1194304,1194487,1195758
CVE References: CVE-2021-40985,CVE-2021-43579,CVE-2021-45944,CVE-2021-45949,CVE-2022-0534
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    ghostscript-9.52-161.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    htmldoc-1.8.28-9.1
Comment 13 Carlos López 2022-06-10 09:05:39 UTC
Done, closing.