SB2021061022 - Debian update for htmldoc

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Double Free (CVE-ID: CVE-2021-23158)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the pspdf_export(0 function in ps-pdf.cxx when processing JPEG images. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Heap-based buffer overflow (CVE-ID: CVE-2021-23165)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the pspdf_prepare_outpages() function in ps-pdf.cxx. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and crash the library.

3) Input validation error (CVE-ID: CVE-2021-23180)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the file_extension() function in file.c. A remote attacker can pass specially crafted URI to the application and perform a denial of service (DoS) attack.

4) Input validation error (CVE-ID: CVE-2021-23191)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted JPEG image to the application and perform a denial of service (DoS) attack.

5) Stack-based buffer overflow (CVE-ID: CVE-2021-23206)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing table attributes in parse_table() function in ps-pdf.cxx. A remote unauthenticated attacker can pass specially crafted data to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Heap-based buffer overflow (CVE-ID: CVE-2021-26252)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the pspdf_prepare_page() function ps-pdf.cxx. A remote attacker can pass specially crafted JPEG image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Heap-based buffer overflow (CVE-ID: CVE-2021-26259)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the render_table_row() function in ps-pdf.cxx. A remote attacker can pass specially crafted JPEG image to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Input validation error (CVE-ID: CVE-2021-26948)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted URI to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.debian.org/security/2021/dsa-4928