CVE-2024-45508 — Vulnetix

CVE-2024-45508 PUBLISHED CVSS 9.800000190734863 CRITICAL

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

EPSS 0.29% · 52.5th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.29%

52.5th percentile

Affected Products

Vendor	Product	Versions
htmldoc	htmldoc	0
htmldoc_project	htmldoc	0
n/a	n/a	n/a

Exploit Intelligence

https://github.com/michaelrsweet/htmldoc/issues/528 (nist-nvd)
https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2 (circl)
https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md (circl)

Timeline

Sep 1, 2024 CVE Published
Sep 2, 2024 EPSS Score
Sep 3, 2024 CVE Updated
Sep 22, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 12, 2024 EPSS Score
Nov 1, 2024 EPSS Score
Nov 22, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Jan 2, 2025 EPSS Score
Jan 22, 2025 EPSS Score
Feb 11, 2025 EPSS Score

References

https://github.com/michaelrsweet/htmldoc/issues/528 url
https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2 url
https://github.com/michaelrsweet/htmldoc/blob/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2/CHANGES.md url
https://nvd.nist.gov/vuln/detail/CVE-2024-45508 advisory

Open in Interactive Console →