CVE-2021-34121

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-34121
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34121.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-34121
Downstream
Published
2023-07-18T14:15:11Z
Modified
2025-10-15T13:05:07.763798Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.

References

Affected packages

Git / github.com/michaelrsweet/htmldoc

Affected ranges

Type
GIT
Repo
https://github.com/michaelrsweet/htmldoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab

Affected versions

v1.*

v1.8.30
v1.9
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
        "signature_version": "v1",
        "target": {
            "file": "htmldoc/toc.cxx"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74472936324701239189179947801684959794",
                "55580180163099579728845099083603032978",
                "231033111055591428449326968688702924277",
                "303997969498086735175972144008087743931",
                "136510819407222469931225857097045581569",
                "100158749094585702440104975060574168191",
                "97712963103390346151417285033113446307",
                "13284988194101387261281404540878254224",
                "137382518336457156255975746276311425723",
                "287813520798555027340572480736302173802",
                "254945588430117492752515980571743176127",
                "156204025338491728087573202223615622574",
                "168663077649153838021288772676319525891",
                "254398393026790181445279305241951985086",
                "296165482441764967331596794215963612361",
                "236265369848262205135683629570179297954",
                "71083063379609633150757387859141477359",
                "145440472088369733250762007428942013762",
                "16915583702182578439167053626389893954",
                "136510819407222469931225857097045581569",
                "100158749094585702440104975060574168191",
                "97712963103390346151417285033113446307",
                "13284988194101387261281404540878254224",
                "137382518336457156255975746276311425723",
                "287813520798555027340572480736302173802",
                "254945588430117492752515980571743176127",
                "156204025338491728087573202223615622574",
                "168663077649153838021288772676319525891",
                "254398393026790181445279305241951985086",
                "44741077306955054442309078345844855246",
                "197920162013591409756134073573772798068",
                "336227505502026829338264479970000741527",
                "75524125170525172466023950428630577758",
                "291686065635324859690916511548991378725",
                "289867597641689174005533546182451973200",
                "200115303295893617819073405178461201287",
                "102897487371762264111961786911652767356",
                "131960848055316204850756882972887752017",
                "80206706498917876932199752486436634091",
                "123510432370152088149460924722116747352",
                "169753152734000138816479692849255581888",
                "232193828316246666576817002314865459382",
                "18043997377037808775833439037704654356",
                "297344599869978593252793959677691625128",
                "338071800844677981050550650841047104132",
                "8327694540124008966890916077310382084",
                "169753152734000138816479692849255581888",
                "232193828316246666576817002314865459382",
                "18043997377037808775833439037704654356",
                "297344599869978593252793959677691625128",
                "142021917151760295687777055444947702020",
                "241691337226971162070895291377909663754",
                "71084088347455066141909670200096205525",
                "248927125995989411004129146597820987586",
                "15308741516975336523258865184866678262",
                "71084088347455066141909670200096205525",
                "34971717123556518175246578456971330450",
                "133487449318393087696886960813423433847",
                "130712320544829847109540339138780468742",
                "249340349533909115787145620551344029929"
            ]
        },
        "id": "CVE-2021-34121-0b0571b9"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
        "signature_version": "v1",
        "target": {
            "file": "htmldoc/util.cxx"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254945588430117492752515980571743176127",
                "156204025338491728087573202223615622574",
                "168663077649153838021288772676319525891",
                "254398393026790181445279305241951985086",
                "44741077306955054442309078345844855246",
                "161228786262266711974774693856062731782",
                "334172515304612448522043642664865770953",
                "254945588430117492752515980571743176127",
                "156204025338491728087573202223615622574",
                "168663077649153838021288772676319525891",
                "254398393026790181445279305241951985086",
                "44741077306955054442309078345844855246",
                "53687306164478336945583600245266764876",
                "202573574900019112966249430364816390849",
                "30555600080420207520293975831967233764",
                "257501766399087055453094261677246889426",
                "205326247049602650948035894470933335776",
                "92049542674518074564398348438764565333",
                "64878590232215452664093487998837411876",
                "170876604595952287167027538256230120476",
                "202549502179174395069083155704864071137",
                "334085483994834958771608232062383107278",
                "298460166259424558923816723553143542298",
                "257501766399087055453094261677246889426",
                "205326247049602650948035894470933335776",
                "92049542674518074564398348438764565333",
                "64878590232215452664093487998837411876",
                "170876604595952287167027538256230120476",
                "17884904797321257895563039850523992234",
                "251503093283914066320111701909458696156",
                "169098607151100862233500256175542122871",
                "338729493765452085523800935541878333584",
                "26701777582607435092094014669621414737",
                "253750924663450459927394914324965978205",
                "121189069769601455198383315855945079537",
                "251503093283914066320111701909458696156",
                "169098607151100862233500256175542122871",
                "338729493765452085523800935541878333584",
                "26701777582607435092094014669621414737",
                "1410986588060077616547208258867887209",
                "197142122561619628631400298440340798294"
            ]
        },
        "id": "CVE-2021-34121-36b74391"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
        "signature_version": "v1",
        "target": {
            "function": "format_number",
            "file": "htmldoc/util.cxx"
        },
        "digest": {
            "function_hash": "51912260901529355829686230770584837860",
            "length": 1671.0
        },
        "id": "CVE-2021-34121-6b46390f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
        "signature_version": "v1",
        "target": {
            "function": "parse_tree",
            "file": "htmldoc/toc.cxx"
        },
        "digest": {
            "function_hash": "147639605279641305254013515483433268280",
            "length": 5870.0
        },
        "id": "CVE-2021-34121-7fcb07d5"
    }
]