SUSE Package Hub - openSUSE-2022-88

Update Info

openSUSE-2022-88

Security update for htmldoc

Type: security

Severity: important

Issued: 2022-03-21

Description:

htmldoc was updated to fix issues:

- CVE-2021-40985: Fixed buffer overflow may lead to DoS via a crafted BMP image (bsc#1192357)
- CVE-2021-43579: Fixed stack-based buffer overflow in image_load_bmp() results in remote code execution if the victim converts an HTML document linking to a crafted BMP file (bsc#1194487)
- CVE-2022-0534: Fixed stack out-of-bounds read in gif_get_code() when opening a malicious GIF file results in a segmentation fault (bsc#1195758)

References

CVE: CVE-2022-0534
CVE: CVE-2021-43579
CVE: CVE-2021-40985
Bugzilla: 1195758 https://bugzilla.opensuse.org/show_bug.cgi?id=1195758
Bugzilla: 1194487 https://bugzilla.opensuse.org/show_bug.cgi?id=1194487
Bugzilla: 1192357 https://bugzilla.opensuse.org/show_bug.cgi?id=1192357

Packages

htmldoc-1.8.28-9.1