CVE-2022-0534 — Vulnetix

CVE-2022-0534 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).

EPSS 0.14% · 34.2th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.14%

34.2th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	9.0
n/a	htmldoc	htmldoc 1.9.15
htmldoc_project	htmldoc	1.9.15

Exploit Intelligence

CIRCL seen: CVE-2022-0534 (circl-sighting)
https://github.com/michaelrsweet/htmldoc/issues/463 (circl)
https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (circl)
[debian-lts-announce] 20220226 [SECURITY] [DLA 2928-1] htmldoc security update (circl)

Timeline

Feb 9, 2022 CVE Published
Feb 10, 2022 EPSS Score
Feb 10, 2022 PoC Published
Apr 3, 2022 EPSS Score
May 26, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Sep 9, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Dec 22, 2022 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 6, 2023 EPSS Score

References

Open in Interactive Console →