9.8

CVE-2021-23158

Exploit
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Htmldoc ProjectHtmldoc Version1.9.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.28% 0.809
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1967018
Third Party Advisory
Issue Tracking
https://github.com/michaelrsweet/htmldoc/issues/414
Third Party Advisory
Exploit
Issue Tracking