CVE-2021-43579

HIGH

HTMLDOC <=1.9.13 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

Exploits (1)

exploitdb WORKING POC

by wulfgarpro · pythonremotemultiple

https://www.exploit-db.com/exploits/52425

View Code ZIP pw:eip

References (5)

[Patch, Third Party Advisory] https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b

[Release Notes, Third Party Advisory] https://github.com/michaelrsweet/htmldoc/compare/v1.9.12...v1.9.13

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/michaelrsweet/htmldoc/issues/453

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/michaelrsweet/htmldoc/issues/456

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/02/msg00022.html

Scores

CVSS v3 7.8

EPSS 0.0561

EPSS Percentile 90.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

debian/debian_linux 9.0

htmldoc_project/htmldoc < 1.9.13

Published Jan 10, 2022

Tracked Since Feb 18, 2026