VDB
CVE-2021-43579
CVE-2021-43579
PUBLISHED
CVSS 6.800000190734863 MEDIUM
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
EPSS 5.62% · 90.5th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
5.62%
90.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 9.0 |
| htmldoc_project | htmldoc | 0 |
| n/a | n/a | n/a |
Timeline
- Nov 12, 2021 CVE Published
- Nov 13, 2021 EPSS Score
- Jan 7, 2022 EPSS Score
- Jan 11, 2022 EPSS Score
- Mar 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 23, 2022 EPSS Score
- Aug 18, 2022 EPSS Score
- Dec 7, 2022 EPSS Score
- Feb 1, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- https://github.com/michaelrsweet/htmldoc/issues/453 url
- https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b url
- https://github.com/michaelrsweet/htmldoc/compare/v1.9.12...v1.9.13 url
- https://github.com/michaelrsweet/htmldoc/issues/456 url
- [debian-lts-announce] 20220226 [SECURITY] [DLA 2928-1] htmldoc security update mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2021-43579 advisory