CVE-2021-26252 — Vulnetix

CVE-2021-26252 PUBLISHED

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

EPSS 0.26% · 49.4th percentile

Risk Scores

EPSS Score

0.26%

49.4th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:20.04:LTS	htmldoc	0, 1.9.3-1, 1.9.7-1build1
Ubuntu:Pro:18.04:LTS	htmldoc	1.9.2-1ubuntu0.2, 0, 1.8.27-8ubuntu2
Ubuntu:Pro:14.04:LTS	htmldoc	1.8.27-8ubuntu1+esm2, 1.8.27-8ubuntu1, 0
Ubuntu:Pro:16.04:LTS	htmldoc	1.8.27-8ubuntu1, *, 0

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=1967009 (circl)

Timeline

Feb 24, 2022 CVE Published
Feb 25, 2022 EPSS Score
Mar 5, 2022 EPSS Score
Apr 18, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Aug 1, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 12, 2022 EPSS Score
Jan 3, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 17, 2023 EPSS Score
Jun 8, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-26252 third-party-advisory
https://github.com/michaelrsweet/htmldoc/issues/412 third-party-advisory
https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-26252 third-party-advisory
https://ubuntu.com/security/notices/USN-7189-1 vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›