CVE-2022-28085

A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdfwritenames in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).

References

Affected packages

Git / github.com/michaelrsweet/htmldoc

Affected ranges

Type: GIT
Repo: https://github.com/michaelrsweet/htmldoc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

46c8ec2b9bccb8ccabff52d998c5eee77a228348

Affected versions

v1.*

v1.8.30

v1.9

v1.9.1

v1.9.10

v1.9.11

v1.9.12

v1.9.13

v1.9.14

v1.9.15

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8

v1.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28085.json"

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "htmldoc/ps-pdf.cxx",
            "function": "pdf_write_names"
        },
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348",
        "digest": {
            "length": 1284.0,
            "function_hash": "25789124432837364923987592691643841617"
        },
        "id": "CVE-2022-28085-322ea87c"
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "htmldoc/ps-pdf.cxx"
        },
        "deprecated": false,
        "source": "https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348",
        "digest": {
            "line_hashes": [
                "83231825606128046903467581598764065347",
                "119108905711847759334100117435727871152",
                "193643972328961041793432327525559741087"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-28085-7cc2c32c"
    }
]