First published: Mon Apr 04 2022(Updated: )
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Htmldoc Project Htmldoc | <1.9.15 | |
Fedoraproject Fedora | =34 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-24191 is a vulnerability in HTMLDOC 1.9.14 that allows an attacker to cause a buffer overflow by exploiting an infinite loop in the gif_read_lzw function, potentially leading to remote code execution.
CVE-2022-24191 has a severity rating of medium, with a CVSS score of 5.5.
HTMLDOC versions up to but excluding 1.9.15 and Fedora 34 are affected by CVE-2022-24191.
CVE-2022-24191 can be exploited by an attacker creating a specially crafted GIF file and causing an infinite loop in the gif_read_lzw function, leading to a buffer overflow.
Yes, you can find more information about CVE-2022-24191 at the following references: [Link 1](https://github.com/michaelrsweet/htmldoc/issues/470) [Link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RPDZLHOMPSA2LBXXFTZ5UADZWGYYWH7/)