There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/address boundary error in the jpeg_read_scanlines function.

https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275
https://github.com/michaelrsweet/htmldoc/issues/471
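The size calculation described in the report above, as an added example that is not htmldoc's code or the upstream fix: a 32-bit product of image dimensions that wraps, next to an overflow-checked version. The function names, the `depth` factor, the `MAX_IMAGE_BYTES` cap and the header values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on decoded pixel data (constructed value, not htmldoc's). */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32 bits and wraps silently.
 * Unsigned arithmetic is used so the wrap is well defined in this demo. */
uint32_t unchecked_bytes(int width, int height, int depth)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)depth;
}

/* Checked pattern: validate each dimension, then test every multiplication
 * against SIZE_MAX before performing it. Returns 0 and stores the size in
 * *out on success, -1 if the dimensions are invalid or too large. */
int checked_bytes(int width, int height, int depth, size_t *out)
{
    size_t w, h, d, total;

    if (width <= 0 || height <= 0 || depth <= 0)
        return -1;
    w = (size_t)width; h = (size_t)height; d = (size_t)depth;
    if (w > SIZE_MAX / h)
        return -1;
    total = w * h;
    if (total > SIZE_MAX / d)
        return -1;
    total *= d;
    if (total > MAX_IMAGE_BYTES)
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed header values: 32769 x 32768 pixels, 4 components. */
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_bytes(32769, 32768, 4));
    printf("checked:   %s\n",
           checked_bytes(32769, 32768, 4, &n) == 0 ? "accepted" : "rejected");
    if (checked_bytes(640, 480, 3, &n) == 0)
        printf("640x480x3: %zu bytes\n", n);
    return 0;
}
```

With the constructed dimensions the true size is 2^32 + 2^17 bytes, so the 32-bit product wraps to 131072 and a buffer of that size would be far smaller than the pixel data a decoder writes into it.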
Created htmldoc tracking bugs for this issue: Affects: fedora-all [bug 2083366]
Created htmldoc tracking bugs for this issue: Affects: epel-7 [bug 2083367] Affects: fedora-34 [bug 2083368]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.