VDB
CVE-2021-26948
CVE-2021-26948
PUBLISHED
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file.
EPSS 0.14% · 33.2th percentile
Risk Scores
EPSS Score
0.14%
33.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | htmldoc | 0, 1.9.3-1, 1.9.7-1ubuntu0.3 |
| Ubuntu:Pro:16.04:LTS | htmldoc | 1.8.27-8ubuntu1, 1.8.27-8ubuntu1.1+esm1, 1.8.27-8ubuntu1.1 |
| Ubuntu:Pro:18.04:LTS | htmldoc | 1.8.27-8ubuntu3, 1.9.2-1ubuntu0.1, 1.9.2-1ubuntu0.2 |
| Ubuntu:Pro:14.04:LTS | htmldoc | 1.8.27-8ubuntu1+esm2, 1.8.27-8ubuntu1, 1.8.27-8ubuntu1+esm1 |
Exploit Intelligence
Timeline
- Mar 3, 2022 CVE Published
- Mar 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 25, 2022 EPSS Score
- Jun 15, 2022 EPSS Score
- Aug 7, 2022 EPSS Score
- Sep 27, 2022 EPSS Score
- Nov 18, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 22, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-26948 third-party-advisory
- https://github.com/michaelrsweet/htmldoc/issues/410 third-party-advisory
- https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-26948 third-party-advisory
- https://ubuntu.com/security/notices/USN-7189-1 vendor-advisory