CVE-2021-34121

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-34121
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34121.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-34121
Downstream
Published
2023-07-18T14:15:11Z
Modified
2025-09-16T07:16:31.207593Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.

References

Affected packages

Debian:11 / htmldoc

Package

Name
htmldoc
Purl
pkg:deb/debian/htmldoc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.11-4
1.9.11-4+deb11u1
1.9.11-4+deb11u2
1.9.11-4+deb11u3
1.9.12-1
1.9.13-1
1.9.14-1
1.9.15-1
1.9.15-2
1.9.16-1
1.9.17-1
1.9.18-1
1.9.18-2
1.9.18-3
1.9.19-1
1.9.20-1
1.9.21-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / htmldoc

Package

Name
htmldoc
Purl
pkg:deb/debian/htmldoc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.13-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / htmldoc

Package

Name
htmldoc
Purl
pkg:deb/debian/htmldoc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.13-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:14 / htmldoc

Package

Name
htmldoc
Purl
pkg:deb/debian/htmldoc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.13-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / github.com/michaelrsweet/htmldoc

Affected ranges

Type
GIT
Repo
https://github.com/michaelrsweet/htmldoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab

Affected versions

v1.*

v1.8.30
v1.9
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "id": "CVE-2021-34121-0b0571b9",
            "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "htmldoc/toc.cxx"
            },
            "digest": {
                "line_hashes": [
                    "74472936324701239189179947801684959794",
                    "55580180163099579728845099083603032978",
                    "231033111055591428449326968688702924277",
                    "303997969498086735175972144008087743931",
                    "136510819407222469931225857097045581569",
                    "100158749094585702440104975060574168191",
                    "97712963103390346151417285033113446307",
                    "13284988194101387261281404540878254224",
                    "137382518336457156255975746276311425723",
                    "287813520798555027340572480736302173802",
                    "254945588430117492752515980571743176127",
                    "156204025338491728087573202223615622574",
                    "168663077649153838021288772676319525891",
                    "254398393026790181445279305241951985086",
                    "296165482441764967331596794215963612361",
                    "236265369848262205135683629570179297954",
                    "71083063379609633150757387859141477359",
                    "145440472088369733250762007428942013762",
                    "16915583702182578439167053626389893954",
                    "136510819407222469931225857097045581569",
                    "100158749094585702440104975060574168191",
                    "97712963103390346151417285033113446307",
                    "13284988194101387261281404540878254224",
                    "137382518336457156255975746276311425723",
                    "287813520798555027340572480736302173802",
                    "254945588430117492752515980571743176127",
                    "156204025338491728087573202223615622574",
                    "168663077649153838021288772676319525891",
                    "254398393026790181445279305241951985086",
                    "44741077306955054442309078345844855246",
                    "197920162013591409756134073573772798068",
                    "336227505502026829338264479970000741527",
                    "75524125170525172466023950428630577758",
                    "291686065635324859690916511548991378725",
                    "289867597641689174005533546182451973200",
                    "200115303295893617819073405178461201287",
                    "102897487371762264111961786911652767356",
                    "131960848055316204850756882972887752017",
                    "80206706498917876932199752486436634091",
                    "123510432370152088149460924722116747352",
                    "169753152734000138816479692849255581888",
                    "232193828316246666576817002314865459382",
                    "18043997377037808775833439037704654356",
                    "297344599869978593252793959677691625128",
                    "338071800844677981050550650841047104132",
                    "8327694540124008966890916077310382084",
                    "169753152734000138816479692849255581888",
                    "232193828316246666576817002314865459382",
                    "18043997377037808775833439037704654356",
                    "297344599869978593252793959677691625128",
                    "142021917151760295687777055444947702020",
                    "241691337226971162070895291377909663754",
                    "71084088347455066141909670200096205525",
                    "248927125995989411004129146597820987586",
                    "15308741516975336523258865184866678262",
                    "71084088347455066141909670200096205525",
                    "34971717123556518175246578456971330450",
                    "133487449318393087696886960813423433847",
                    "130712320544829847109540339138780468742",
                    "249340349533909115787145620551344029929"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_type": "Line",
            "id": "CVE-2021-34121-36b74391",
            "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "htmldoc/util.cxx"
            },
            "digest": {
                "line_hashes": [
                    "254945588430117492752515980571743176127",
                    "156204025338491728087573202223615622574",
                    "168663077649153838021288772676319525891",
                    "254398393026790181445279305241951985086",
                    "44741077306955054442309078345844855246",
                    "161228786262266711974774693856062731782",
                    "334172515304612448522043642664865770953",
                    "254945588430117492752515980571743176127",
                    "156204025338491728087573202223615622574",
                    "168663077649153838021288772676319525891",
                    "254398393026790181445279305241951985086",
                    "44741077306955054442309078345844855246",
                    "53687306164478336945583600245266764876",
                    "202573574900019112966249430364816390849",
                    "30555600080420207520293975831967233764",
                    "257501766399087055453094261677246889426",
                    "205326247049602650948035894470933335776",
                    "92049542674518074564398348438764565333",
                    "64878590232215452664093487998837411876",
                    "170876604595952287167027538256230120476",
                    "202549502179174395069083155704864071137",
                    "334085483994834958771608232062383107278",
                    "298460166259424558923816723553143542298",
                    "257501766399087055453094261677246889426",
                    "205326247049602650948035894470933335776",
                    "92049542674518074564398348438764565333",
                    "64878590232215452664093487998837411876",
                    "170876604595952287167027538256230120476",
                    "17884904797321257895563039850523992234",
                    "251503093283914066320111701909458696156",
                    "169098607151100862233500256175542122871",
                    "338729493765452085523800935541878333584",
                    "26701777582607435092094014669621414737",
                    "253750924663450459927394914324965978205",
                    "121189069769601455198383315855945079537",
                    "251503093283914066320111701909458696156",
                    "169098607151100862233500256175542122871",
                    "338729493765452085523800935541878333584",
                    "26701777582607435092094014669621414737",
                    "1410986588060077616547208258867887209",
                    "197142122561619628631400298440340798294"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_type": "Function",
            "id": "CVE-2021-34121-6b46390f",
            "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "function": "format_number",
                "file": "htmldoc/util.cxx"
            },
            "digest": {
                "length": 1671.0,
                "function_hash": "51912260901529355829686230770584837860"
            }
        },
        {
            "signature_type": "Function",
            "id": "CVE-2021-34121-7fcb07d5",
            "source": "https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "function": "parse_tree",
                "file": "htmldoc/toc.cxx"
            },
            "digest": {
                "length": 5870.0,
                "function_hash": "147639605279641305254013515483433268280"
            }
        }
    ]
}