CVE-2019-19630 in Ubuntu

CVE-2019-19630

Priority

Description

HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy()
function in string.c (when called from render_contents in ps-pdf.cxx) via a
crafted HTML document.

Ubuntu-Description

It was dicovered that HTMLDOC has a stack-based buffer overflow vulnerability.
An attacker could use it create a crafted HTML document that provoke a Denial
of Service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19630
https://github.com/michaelrsweet/htmldoc/issues/370
https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
https://ubuntu.com/security/notices/USN-4696-1

Assigned-to

leosilva

Notes

Package

Source: htmldoc (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (1.9.2-1ubuntu0.1)
Ubuntu 20.04 LTS:	not-affected (1.9.7-1)
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 13:53:30 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)