CVE-2019-19630

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
htmldoc_projecthtmldoc
1.9.7
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
htmldoc
bullseye
1.9.11-4+deb11u3
fixed
bookworm
1.9.16-1
fixed
sid
1.9.18-3
fixed
trixie
1.9.18-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
htmldoc
groovy
not-affected
focal
not-affected
eoan
ignored
disco
ignored
bionic
Fixed 1.9.2-1ubuntu0.1
released
xenial
Fixed 1.8.27-8ubuntu1.1
released
trusty
Fixed 1.8.27-8ubuntu1+esm1
released
Common Weakness Enumeration
References
https://github.com/michaelrsweet/htmldoc/issues/370
https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/
https://github.com/michaelrsweet/htmldoc/issues/370
https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/