CVE-2022-0137

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0137
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0137.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-0137
Published
2022-11-14T18:15:15.903Z
Modified
2025-11-14T12:39:04.288489Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

A heap buffer overflow in the image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.

Affected packages

Git / github.com/michaelrsweet/htmldoc

Affected ranges

Type
GIT
Repo
https://github.com/michaelrsweet/htmldoc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.8.30
v1.9
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "signature_type": "Line",
        "target": {
            "file": "htmldoc/image.cxx"
        },
        "id": "CVE-2022-0137-8d187efe",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "signature_type": "Function",
        "target": {
            "function": "image_load_gif",
            "file": "htmldoc/image.cxx"
        },
        "id": "CVE-2022-0137-9d651ef5",
        "digest": {
            "length": 1959.0,
            "function_hash": "338219982382261317122099606761924980092"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "signature_type": "Function",
        "target": {
            "function": "image_set_mask",
            "file": "htmldoc/image.cxx"
        },
        "id": "CVE-2022-0137-caf470eb",
        "digest": {
            "length": 1034.0,
            "function_hash": "105585053437073363818563317706400233635"
        },
        "deprecated": false
    }
]