Updated man2html man2html packages fix security vulnerability
Publication date: 15 Mar 2025Modification date: 15 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2021-40647
Description
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In versions before GLIBC version 2.29 and if aligned correctly, it allows arbitrary writes anywhere in the program's memory.
References
SRPMS
9/core
- man2html-1.6-6.1.mga9