CVE-2019-19630

EUVD-2019-9241
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
htmldoc_projecthtmldoc
1.9.7
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
htmldoc
bookworm
1.9.16-1
fixed
bullseye
1.9.11-4+deb11u3
fixed
sid
1.9.18-3
fixed
trixie
1.9.18-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
htmldoc
bionic
Fixed 1.9.2-1ubuntu0.1
released
disco
ignored
eoan
ignored
focal
not-affected
groovy
not-affected
trusty
Fixed 1.8.27-8ubuntu1+esm1
released
xenial
Fixed 1.8.27-8ubuntu1.1
released
Common Weakness Enumeration
References
https://github.com/michaelrsweet/htmldoc/issues/370
https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/
https://github.com/michaelrsweet/htmldoc/issues/370
https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MZLVUBON5AYWYTFTJ4HBSHGTQTY7KBN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEUT3LG6DWTICKXYAN4SWOQWWCGHPLDJ/