| Description: | Summary:
The remote host is missing an update for the 'htmldoc' package(s) announced via the USN-7189-1 advisory.
Vulnerability Insight:
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to an integer overflow. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-20308)
It was discovered that HTMLDOC incorrectly handled memory in pspdf_export,
which could lead to a double-free. An attacker could potentially use this
issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23158)
It was discovered that HTMLDOC incorrectly handled memory when loading a
JPEG image, which could lead to a NULL pointer dereference. An attacker
could potentially use this issue to cause a denial of service.
(CVE-2021-23191, CVE-2021-26948)
It was discovered that HTMLDOC incorrectly handled certain inputs, which
could lead to a stack buffer overflow. An attacker could potentially use
this issue to cause a denial of service or execute arbitrary code.
(CVE-2021-23206, CVE-2021-40985, CVE-2021-43579)
It was discovered that HTMLDOC incorrectly handled memory in
pdpdf_prepare_page and render_table_row, which could lead to a heap buffer
overflow. An attacker could potentially use this issue to cause a denial
of service or execute arbitrary code. (CVE-2021-26252, CVE-2021-26259)
It was discovered that HTMLDOC incorrectly handled memory in
parse_paragraph, which could lead to a heap buffer overflow. An attacker
could potentially use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-34119)
It was discovered that HTMLDOC incorrectly handled memory in parse_tree.
An attacker could potentially use this issue to leak sensitive
information. (CVE-2021-34121)
Affected Software/OS:
'htmldoc' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
