Michael R Sweet

21 exploits Active since Feb 2022
CVE-2026-41079 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
CVSS 4.3
CVE-2026-41079 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
CVSS 4.3
CVE-2026-27447 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
CVSS 4.8
CVE-2026-5037 WRITEUP LOW WRITEUP
mxml mxmlIndexNew mxml-index.c index_sort stack-based overflow
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
CVSS 3.3
CVE-2021-23158 WRITEUP CRITICAL WRITEUP
htmldoc <1.9.12 - RCE
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
CVSS 9.8
CVE-2021-23180 WRITEUP HIGH WRITEUP
htmldoc <1.9.12 - RCE
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(),in file.c may lead to execute arbitrary code and denial of service.
CVSS 7.8
CVE-2021-23191 WRITEUP HIGH WRITEUP
htmldoc <1.9.12 - DoS
A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function image_load_jpeg() in image.cxx may result in denial of service.
CVSS 7.8
CVE-2021-23206 WRITEUP HIGH WRITEUP
htmldoc <1.9.12 - RCE
A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
CVSS 7.8
CVE-2021-26259 WRITEUP HIGH WRITEUP
Htmldoc - Out-of-Bounds Write
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVSS 7.8
CVE-2021-34119 WRITEUP HIGH WRITEUP
Htmldoc - Out-of-Bounds Write
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
CVSS 7.8
CVE-2021-34121 WRITEUP HIGH WRITEUP
Htmldoc - Out-of-Bounds Read
An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
CVSS 7.8
CVE-2022-0534 WRITEUP MEDIUM WRITEUP
htmldoc <1.9.15 - Memory Corruption
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVSS 5.5
CVE-2022-27114 WRITEUP MEDIUM WRITEUP
Htmldoc - Integer Overflow
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.
CVSS 5.5
CVE-2022-28085 WRITEUP HIGH WRITEUP
Htmldoc < 1.9.16 - Out-of-Bounds Write
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVSS 7.8
CVE-2022-34033 WRITEUP HIGH WRITEUP
HTMLDoc <1.9.15 - Buffer Overflow
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
CVSS 7.5
CVE-2022-34035 WRITEUP HIGH WRITEUP
HTMLDoc <1.9.12 - Buffer Overflow
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
CVSS 7.5
CVE-2023-24808 WRITEUP MEDIUM WRITEUP
PDFio <1.1.0 - DoS
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.3
CVE-2023-28428 WRITEUP MEDIUM WRITEUP
PDFio <1.1.1 - DoS
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.
CVSS 6.2
CVE-2024-42358 WRITEUP MEDIUM WRITEUP
Msweet Pdfio < 1.3.1 - Infinite Loop
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. An infinite loop occurs in the read_camp function by nGroups value. The ttf.h library is vulnerable. A value called nGroups is extracted from the file, and by changing that value, you can cause the program to utilize 100% of the Memory and enter an infinite loop. If the value of nGroups in the file is small, an infinite loop will not occur. This library, whether used as a standalone binary or as part of another application, is vulnerable to DOS attacks when parsing certain types of files. Automated systems, including web servers that use this code to convert PDF submissions into plaintext, can be DOSed if an attacker uploads a malicious TTF file. This issue has been addressed in release version 1.3.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 6.2
CVE-2024-46478 WRITEUP CRITICAL WRITEUP
Htmldoc - Buffer Overflow
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
CVSS 9.8
CVE-2025-58436 WRITEUP MEDIUM WRITEUP
OpenPrinting CUPS <2.4.15 - DoS
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
CVSS 5.1