CVE-2022-24191 — Vulnetix

CVE-2022-24191 PUBLISHED CVSS 5.5 MEDIUM

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

EPSS 0.08% · 24.1th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.08%

24.1th percentile

Affected Products

Vendor	Product	Versions
htmldoc_project	htmldoc	0
fedoraproject	fedora	34
n/a	n/a	*

Exploit Intelligence

https://github.com/michaelrsweet/htmldoc/issues/470 (nist-nvd)
FEDORA-2022-39533c087f (circl)

Timeline

Apr 4, 2022 CVE Published
Apr 5, 2022 EPSS Score
May 26, 2022 EPSS Score
Jul 16, 2022 EPSS Score
Sep 5, 2022 EPSS Score
Oct 25, 2022 EPSS Score
Dec 15, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 26, 2023 EPSS Score
May 15, 2023 EPSS Score
Jul 5, 2023 EPSS Score

References

https://github.com/michaelrsweet/htmldoc/issues/470 url
FEDORA-2022-39533c087f vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-24191 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7 url

Open in Interactive Console →