CVE DATABASE / CVE-2021-40985
CVE-2021-40985
CVSS 5.5 · MEDIUM
Summary
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Htmldoc_project htmldocDebian debian linux
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43
- https://github.com/michaelrsweet/htmldoc/issues/444
- https://lists.debian.org/debian-lts-announce/2022/02/msg00022.html
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.