Michael R Sweet

26 exploits Active since Jan 2022
CVE-2021-23165 WRITEUP CRITICAL WRITEUP
htmldoc < 1.9.12 - Heap-based Buffer Overflow in pspdf_prepare_outpages
A flaw was found in htmldoc before v1.9.12. A heap buffer overflow in pspdf_prepare_outpages() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVSS 9.8
CVE-2021-43579 WRITEUP HIGH WRITEUP
htmldoc <= 1.9.13 - Remote Code Execution via Crafted BMP File in image_load_bmp()
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
CVSS 7.8
CVE-2022-34033 WRITEUP HIGH WRITEUP
HTMLDoc 1.9.15 - Heap Overflow in write_header Function
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
CVSS 7.5
CVE-2022-34035 WRITEUP HIGH WRITEUP
htmldoc < 1.9.12 - Heap Overflow via e_node in html.cxx
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
CVSS 7.5
CVE-2024-45508 WRITEUP CRITICAL WRITEUP
htmldoc < 1.9.19 - Out-of-bounds Write in parse_paragraph
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.
CVSS 9.8
CVE-2026-41079 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
CVSS 4.3
CVE-2026-27447 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
CVSS 4.8
CVE-2026-5037 WRITEUP LOW WRITEUP
mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
CVSS 3.3
CVE-2021-23158 WRITEUP CRITICAL WRITEUP
htmldoc 1.9.12 - Double Free in ps-pdf.cxx
A flaw was found in htmldoc v1.9.12. A double free in the function pspdf_export() in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and cause a denial of service.
CVSS 9.8
CVE-2021-23180 WRITEUP HIGH WRITEUP
htmldoc < 1.9.12 - Null Pointer Dereference in file_extension()
A flaw was found in htmldoc v1.9.12 and before. A null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service.
CVSS 7.8
CVE-2021-23191 WRITEUP HIGH WRITEUP
htmldoc < 1.9.12 - Denial of Service via NULL Pointer Dereference in image_load_jpeg()
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
CVSS 7.8
CVE-2021-23206 WRITEUP HIGH WRITEUP
htmldoc < 1.9.12 - Stack-based Buffer Overflow in parse_table()
A flaw was found in htmldoc v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVSS 7.8
CVE-2021-26259 WRITEUP HIGH WRITEUP
htmldoc 1.9.12 - Heap Buffer Overflow in render_table_row()
A flaw was found in htmldoc v1.9.12. A heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVSS 7.8
CVE-2021-34119 WRITEUP HIGH WRITEUP
htmldoc 1.9.12 - Out-of-bounds Write in parse_paragraph
A flaw was discovered in htmldoc 1.9.12 in the function parse_paragraph in ps-pdf.cxx. This flaw possibly allows code execution and a denial of service via a crafted file.
CVSS 7.8
CVE-2021-34121 WRITEUP HIGH WRITEUP
htmldoc 1.9.12 - Out-of-Bounds Read in parse_tree() Function
An out-of-bounds flaw was discovered in htmldoc 1.9.12 in the function parse_tree() in toc.cxx. This possibly leads to memory layout information leaking in the data, which might be used in a chain of vulnerabilities in order to reach code execution.
CVSS 7.8
CVE-2022-0534 WRITEUP MEDIUM WRITEUP
htmldoc < 1.9.15 - Memory Corruption
A vulnerability was found in htmldoc version 1.9.15 where a stack out-of-bounds read takes place in gif_get_code() when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVSS 5.5
CVE-2022-27114 WRITEUP MEDIUM WRITEUP
htmldoc 1.9.16 - Integer Overflow in JPEG Image Processing
There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. As a result, malloc may return a heap block smaller than the expected size, which causes a buffer overflow/address boundary error in the jpeg_read_scanlines function.
CVSS 5.5
CVE-2022-28085 WRITEUP HIGH WRITEUP
htmldoc < 1.9.16 - Heap Buffer Overflow in pdf_write_names
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVSS 7.8
CVE-2023-24808 WRITEUP MEDIUM WRITEUP
pdfio < 1.1.0 - Denial of Service via Crafted PDF File
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.3
CVE-2023-28428 WRITEUP MEDIUM WRITEUP
pdfio < 1.1.1 - Denial of Service via Crafted PDF File
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.
CVSS 6.2
CVE-2024-42358 WRITEUP MEDIUM WRITEUP
PDFio < 1.3.1 - Denial of Service via TTF Parser Infinite Loop
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.2
CVE-2024-46478 WRITEUP CRITICAL WRITEUP
htmldoc v1.9.18 - Buffer Overflow in parse_pre Function
HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681.
CVSS 9.8