Advisories » MGASA-2025-0097

Updated man2html man2html packages fix security vulnerability

Publication date: 15 Mar 2025
Modification date: 15 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2021-40647

Description

In man2html 1.6g, a specific string being read in from a file will
overwrite the size parameter in the top chunk of the heap. This at least
causes the program to segmentation abort if the heap size parameter
isn't aligned correctly. In versions before GLIBC version 2.29 and
if aligned correctly, it allows arbitrary writes anywhere in the program's
memory.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34072
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAS4Z6KUDJQV22DP5BTQX56WVFT3FF32/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40647

SRPMS

9/core

• man2html-1.6-6.1.mga9