Advisories ยป MGASA-2021-0332

Updated htmldoc packages fix security vulnerabilities

Publication date: 10 Jul 2021
Modification date: 10 Jul 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-20308 , CVE-2021-23158 , CVE-2021-23165 , CVE-2021-23180 , CVE-2021-23191 , CVE-2021-23206 , CVE-2021-26252 , CVE-2021-26259 , CVE-2021-26948

Description

Updated htmldoc packages fix security vulnerabilities:

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to
execute arbitrary code and cause a denial of service that is similar to
CVE-2017-9181 (CVE-2021-20308).

AddressSanitizer: double-free in function pspdf_export ps-pdf.cxx
(CVE-2021-23158).

AddressSanitizer: heap-buffer-overflow in pspdf_prepare_outpages() in
ps-pdf.cxx (CVE-2021-23165).

AddressSanitizer: SEGV in file_extension file.c (CVE-2021-23180).

AddressSanitizer: SEGV on unknown address 0x000000000014 (CVE-2021-23191).

AddressSanitizer: stack-buffer-overflow in parse_table ps-pdf.cxx
(CVE-2021-23206).

AddressSanitizer: heap-buffer-overflow in pspdf_prepare_page(int)
ps-pdf.cxx (CVE-2021-26252).

AddressSanitizer: heap-buffer-overflow on render_table_row() ps-pdf.cxx
(CVE-2021-26259).

SEGV on unknown address 0x000000000000 (CVE-2021-26948).

References

SRPMS

8/core

7/core