CVE-2022-0137

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-0137

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0137.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-0137

Downstream

DEBIAN-CVE-2022-0137

UBUNTU-CVE-2022-0137

USN-7225-1

Published

2022-11-14T18:15:15.903Z

Modified

2025-11-20T11:57:06.648104Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A heap buffer overflow in imagesetmask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.

References

Affected packages

Git / github.com/michaelrsweet/htmldoc

Affected ranges

Type: GIT
Repo: https://github.com/michaelrsweet/htmldoc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b

Affected versions

v1.*

v1.8.30

v1.9

v1.9.1

v1.9.10

v1.9.11

v1.9.12

v1.9.13

v1.9.14

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8

v1.9.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "htmldoc/image.cxx"
        },
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "digest": {
            "line_hashes": [
                "297472981316507945839698675243757011004",
                "295268479066187838981750786933877699106",
                "180283088309811897946039373889332944095",
                "49970225574026909264440847956427795",
                "162774849934666592158944790360900615107",
                "88962972294982122508466774206613362823",
                "7171333243352453904152759386472981638",
                "51235282975610117606622240123798757686",
                "128143176622412102198312061576007995858",
                "234151772096908441394105233358954655232",
                "322032723577332973482566653982131773070",
                "338988096033338076431520303229355448142",
                "327754122936077237617782704663087344531",
                "22440375215000570540409524770429470750",
                "249671219425354352373369169634643158321"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-0137-8d187efe"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "htmldoc/image.cxx",
            "function": "image_load_gif"
        },
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "digest": {
            "length": 1959.0,
            "function_hash": "338219982382261317122099606761924980092"
        },
        "id": "CVE-2022-0137-9d651ef5"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "htmldoc/image.cxx",
            "function": "image_set_mask"
        },
        "signature_version": "v1",
        "source": "https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b",
        "digest": {
            "length": 1034.0,
            "function_hash": "105585053437073363818563317706400233635"
        },
        "id": "CVE-2022-0137-caf470eb"
    }
]