CRITICAL🇵🇱 Wersja polska

CVE-2024-46478

CVSS 9.8v3.1pub. 2024-10-24upd. 2025-06-24

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.

🤖 AI Analysis
How it works

The vulnerability (CWE-120) consists of a buffer overflow in the parse_pre function during HTML document processing. An attacker can provide a specially crafted HTML file that causes data to be written outside the boundaries of the allocated buffer in memory. The lack of proper validation of input data size before the copy operation to the buffer enables overwriting adjacent memory areas.

Impact

Successful exploitation of this vulnerability may lead to arbitrary code execution (RCE) in the context of the document processing process, as well as breach of confidentiality, integrity, and availability of the system. An attacker without any privileges can take control of the vulnerable application.

Mitigation & patch

A patch available in the project repository should be applied (commit 683bec548e642cf4a17e003fb34f6bbaf2d27b98 on GitHub) or HTMLDOC should be updated to a version containing the fix according to vendor information.

Who is affected

HTMLDOC version 1.9.18 (Htmldoc Project / michaelrsweet/htmldoc).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Htmldoc Project Htmldoc

    APP
    Htmldoc Project
    1.9.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-45508CRITICAL9.8PL ✓ten sam produkt

HTMLDOC: out-of-bounds write w parse_paragraph podczas przetwarzania HTML

CVE-2021-23158CRITICAL9.8ten sam produkt

A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a w...

CVE-2021-23165CRITICAL9.8ten sam produkt

A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx ma...

CVE-2021-20308CRITICAL9.8ten sam produkt

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a de...

CVE-2021-34119HIGH7.8ten sam produkt

A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows p...