oss-sec mailing list archives
CVE Request -- HTMLDOC
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sat, 18 Jul 2009 13:09:09 +0200
Hello Steve, vendors, a stack-based buffer overflow by processing user-supplied input was found (by ANTHRAX666) in HTMLDOC's routine, used to set the result page output size for custom page sizes. References: ----------- http://secunia.com/advisories/35780/2/ (Secunia advisory) http://packetstormsecurity.org/0907-exploits/htmldoc-overflow.txt (original proof of concept) http://bugs.gentoo.org/show_bug.cgi?id=278186 (Gentoo's BTS entry) Affected versions: Vulnerability confirmed in htmldoc-1.8.27 ----------------- (other versions may be also affected). Could you please allocate a new CVE identifier for it? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- HTMLDOC Jan Lieskovsky (Jul 18)
- Re: CVE Request -- HTMLDOC Nico Golde (Jul 25)
- Re: CVE Request -- HTMLDOC Alex Legler (Jul 26)
- Re: CVE Request -- HTMLDOC Alex Legler (Sep 01)
- Re: CVE Request -- HTMLDOC Steven M. Christey (Sep 02)
- Re: CVE Request -- HTMLDOC Nico Golde (Jul 25)