htmldoc 1.9.12 File ps-pdf.cxx parse_paragraph out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in htmldoc 1.9.12 and classified as critical. This issue affects the function parse_paragraph of the file ps-pdf.cxx of the component File Handler. Such manipulation leads to an unknown weakness.
This vulnerability is uniquely identified as CVE-2021-34119. No exploit exists.
Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in htmldoc 1.9.12 and classified as critical. Affected by this issue is the function parse_paragraph of the file ps-pdf.cxx of the component File Handler. Using CWE to declare the problem leads to CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
The weakness was disclosed 07/18/2023 as 431. The advisory is shared for download at github.com. This vulnerability is handled as CVE-2021-34119 since 06/07/2021. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 213544 (Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : HTMLDOC vulnerabilities (USN-7189-1)), which helps to determine the existence of the flaw in a target environment.
Applying the patch 85fa76d77ed69927d24decf476e69bedc7691f48 is able to eliminate this problem. The bugfix is ready for download at github.com.
The vulnerability is also documented in the vulnerability database at Tenable (213544). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.6VulDB Meta Temp Score: 6.5
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-bounds writeCWE: CWE-787 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 213544
Nessus Name: Ubuntu 14.04 LTS / 18.04 LTS / 20.04 LTS : HTMLDOC vulnerabilities (USN-7189-1)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: 85fa76d77ed69927d24decf476e69bedc7691f48
Timeline
06/07/2021 🔍07/18/2023 🔍
07/18/2023 🔍
01/08/2025 🔍
Sources
Advisory: 431Status: Confirmed
CVE: CVE-2021-34119 (🔍)
GCVE (CVE): GCVE-0-2021-34119
GCVE (VulDB): GCVE-100-234392
Entry
Created: 07/18/2023 18:00Updated: 01/08/2025 12:32
Changes: 07/18/2023 18:00 (42), 08/09/2023 09:45 (12), 01/08/2025 12:32 (17)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.