Vulnerability Details CVE-2022-27114
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275
- https://github.com/michaelrsweet/htmldoc/issues/471
- https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html
- https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275
- https://github.com/michaelrsweet/htmldoc/issues/471
- https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html
Products affected by CVE-2022-27114
-
cpe:2.3:a:htmldoc_project:htmldoc:1.9.16
-
cpe:2.3:o:debian:debian_linux:9.0