CVE-2022-24191

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Configurations

Configuration 1 (hide)

cpe:2.3:a:htmldoc_project:htmldoc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
References () https://github.com/michaelrsweet/htmldoc/issues/470 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://github.com/michaelrsweet/htmldoc/issues/470 - Exploit, Issue Tracking, Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/ -

13 May 2022, 12:19

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

26 Apr 2022, 10:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/ -

11 Apr 2022, 15:28

Type Values Removed Values Added
CWE CWE-835
CPE cpe:2.3:a:htmldoc_project:htmldoc:*:*:*:*:*:*:*:*
References (MISC) https://github.com/michaelrsweet/htmldoc/issues/470 - (MISC) https://github.com/michaelrsweet/htmldoc/issues/470 - Exploit, Issue Tracking, Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.5

04 Apr 2022, 11:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-04 11:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-24191

Mitre link : CVE-2022-24191

CVE.ORG link : CVE-2022-24191


JSON object : View

Products Affected

htmldoc_project

  • htmldoc

fedoraproject

  • fedora
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')