Headline
CVE-2021-23165: Fix a number-up crash bug (Issue #413) · michaelrsweet/htmldoc@6e8a955
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
Permalink
Browse files
Fix a number-up crash bug (Issue #413)
- Loading branch information
1 parent 369b2ea commit 6e8a95561988500b5b5ae4861b3b0cbf4fba517f
Showing with 3 additions and 2 deletions.
- +2 −1 CHANGES.md
- +1 −1 htmldoc/ps-pdf.cxx
@@ -1,7 +1,8 @@
Changes in HTMLDOC v1.9.12
- Fixed a crash bug with “data:” URIs and EPUB output (Issue #410)
- Fixed JPEG error handling (Issue #415)
- Fixed a number-up crash bug (Issue #413)
- Fixed JPEG error handling (Issue #414, Issue #415)
- Fixed crash bugs with bogus table attributes (Issue #416, Issue #417)
- Fixed a crash bug with malformed URIs (Issue #418)
- Fixed a crash bug with malformed GIF files (Issue #423)
@@ -1318,7 +1318,7 @@ pspdf_prepare_outpages()
chapter_outstarts[c] = num_outpages;
for (i = chapter_starts[c], j = 0, nup = -1, page = pages + i;
i <= chapter_ends[c];
i <= chapter_ends[c] && num_outpages < num_pages;
i ++, page ++)
{
if (nup != page->nup)
0 comments on commit 6e8a955
Please sign in to comment.