CVE-2022-24191: Stack Buffer Overflow in gif_read_lzw · Issue #470 · michaelrsweet/htmldoc

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.


Due to an infinite loop in the gif_read_lzw function, the sp variable, which points into heap memory, can be arbitrarily modified.

The crash happens in this loop:

    /* walk the prefix chain for `code`, pushing each suffix byte onto the
     * output stack through sp; only a self-referencing code stops it */
    while (code >= clear_code)
    {
      *sp++ = table[1][code];
      if (code == table[0][code])
        return (255);

      code = table[0][code];
    }

(screenshot from the original issue: gdb output at the crash)

As sp is consistently incremented, it reaches outside the heap allocation, which causes the crash:

(screenshot from the original issue: sp towards the start of execution, pointing into the heap)

(screenshot from the original issue: sp once the crash has happened, pointing past the heap)
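The loop quoted above stops only when a code is its own prefix; a chain of two codes that point at each other never hits that test, so sp walks off the end of its buffer. The following is an added example, not HTMLDOC's code: it models that loop on a constructed prefix/suffix table, counts how many pushes the unchecked version would make on a two-code cycle, and shows a hardened walk that bounds both the write pointer and the chain length. The table and stack sizes, and the helper names, are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed sizes for the example: 12-bit LZW codes as in GIF, an output
 * stack of twice the table size. These are illustrative, not HTMLDOC's. */
#define MAX_BITS   12
#define TABLE_SIZE (1 << MAX_BITS)   /* 4096 code entries */
#define STACK_SIZE (TABLE_SIZE * 2)  /* output stack for one decoded string */

/* LZW string table: prefix[c] is the code that c extends, suffix[c] is the
 * byte it appends. Codes below clear_code are single-byte roots. */
struct lzw_table {
    int           prefix[TABLE_SIZE];
    unsigned char suffix[TABLE_SIZE];
};

/* Instrumented model of the unchecked loop: instead of writing through sp it
 * counts the pushes that would happen. It stops only on the original
 * self-loop test or on an artificial cap, so a cyclic chain (which the real
 * loop never leaves) can be measured. Returns the push count, or -1 if the
 * self-loop check fired. */
int unchecked_walk_count(const struct lzw_table *t, int code, int clear_code, long cap)
{
    long pushes = 0;
    while (code >= clear_code) {
        pushes++;                       /* models: *sp++ = table[1][code]; */
        if (code == t->prefix[code])
            return -1;                  /* the only bailout in the original loop */
        code = t->prefix[code];
        if (pushes >= cap)
            break;                      /* artificial cap, not in the original */
    }
    return (int)pushes;
}

/* Hardened walk: refuses to write past the end of the stack and refuses
 * chains longer than the table. A well-formed chain visits each code at
 * most once, so more than TABLE_SIZE steps means a cycle. Returns the number
 * of bytes written, or -1 on a malformed chain. */
int checked_walk(const struct lzw_table *t, int code, int clear_code,
                 unsigned char *stack, size_t stack_len)
{
    unsigned char *sp = stack, *end = stack + stack_len;
    int steps = 0;
    while (code >= clear_code) {
        if (code >= TABLE_SIZE)
            return -1;                  /* code outside the table */
        if (sp >= end || steps++ >= TABLE_SIZE)
            return -1;                  /* would overflow, or chain is cyclic */
        *sp++ = t->suffix[code];
        int next = t->prefix[code];
        if (next == code)
            return -1;                  /* self-loop, as in the original */
        code = next;
    }
    return (int)(sp - stack);
}

/* Constructed table with a two-code cycle (258 -> 259 -> 258 -> ...), chosen
 * so the original self-loop test never fires. */
void build_cyclic_table(struct lzw_table *t)
{
    memset(t, 0, sizeof *t);
    t->prefix[258] = 259; t->suffix[258] = 'A';
    t->prefix[259] = 258; t->suffix[259] = 'B';
}

/* Constructed well-formed chain: 260 -> 258 -> 7 (a root code). */
void build_valid_table(struct lzw_table *t)
{
    memset(t, 0, sizeof *t);
    t->prefix[258] = 7;   t->suffix[258] = 'x';
    t->prefix[260] = 258; t->suffix[260] = 'y';
}

/* Demo entry points: 8-bit GIF data uses clear_code 256, a 64-byte stack
 * here stands in for the real output buffer. */
int demo_valid_checked(unsigned char *out, size_t out_len)
{
    struct lzw_table t; build_valid_table(&t);
    return checked_walk(&t, 260, 256, out, out_len);
}
int demo_cyclic_checked(void)
{
    struct lzw_table t; unsigned char s[64]; build_cyclic_table(&t);
    return checked_walk(&t, 258, 256, s, sizeof s);
}
int demo_cyclic_unchecked(long cap)
{
    struct lzw_table t; build_cyclic_table(&t);
    return unchecked_walk_count(&t, 258, 256, cap);
}
```

The unchecked model keeps pushing until the artificial cap, far beyond any realistic stack; in the real decoder those pushes are writes through sp, which is exactly the out-of-bounds write the gdb screenshots show. The hardened walk rejects the same input without touching memory past the buffer.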

You can download and attempt the following POC:

    htmldoc --webpage -f out.pdf ./crash.html

Attachment: poc.zip
