{"id":"CVE-2022-27114","details":"There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img-\u003ewidth' and 'img-\u003eheight' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.","modified":"2026-02-24T01:21:50.156621Z","published":"2022-05-09T17:15:09.130Z","related":["MGASA-2022-0191","openSUSE-SU-2024:12071-1"],"references":[{"type":"ADVISORY","url":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"},{"type":"ADVISORY","url":"https://github.com/michaelrsweet/htmldoc/issues/471"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"},{"type":"REPORT","url":"https://github.com/michaelrsweet/htmldoc/issues/471"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00014.html"},{"type":"EVIDENCE","url":"https://github.com/michaelrsweet/htmldoc/issues/471"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"fixed":"31f780487e5ddc426888638786cdc47631687275"}]}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.13","v1.9.14","v1.9.15","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_type":"Line","target":{"file":"htmldoc/image.cxx"},"id":"CVE-2022-27114-973186cc","digest":{"line_hashes":["22248037274654815650576322048949287649","296267264495823945779616527713243343029","54805180142347034579293677483579791376","20168580982717471945539945481714769220","161029606450311038018640252069572140345","44015766389042975539425594357402522582","199150106324938499033452393139848187681","319593469495359680306054830735473771766","199852375355020133944898896514129910403","216794987705941529715646134661982004094","297929791160051720547755394787491271325","7171333243352453904152759386472981638","51235282975610117606622240123798757686","139219188293486094321898282517797944219","95795465467944516194981923126261552544","187404233367137448172080560522809448340","260172315706847100484704933799299393600","74720969679059144997190065584026944843","268732769885590353792037465098898972395","281414488574503611417848351362295128022","138700746721977183646352493457492251959"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_type":"Function","target":{"file":"htmldoc/image.cxx","function":"image_load_gif"},"id":"CVE-2022-27114-9bd92723","digest":{"function_hash":"241568264683061213505846123332327175641","length":1959}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_type":"Function","target":{"file":"htmldoc/image.cxx","function":"image_load_jpeg"},"id":"CVE-2022-27114-dd877a75","digest":{"function_hash":"73575095114162104851611625724241060175","length":1690}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_type":"Function","target":{"file":"htmldoc/image.cxx","function":"image_load_png"},"id":"CVE-2022-27114-ef3bc290","digest":{"function_hash":"92107085259171046339019667125662630305","length":4174}},{"signature_version":"v1","deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275","signature_type":"Function","target":{"file":"htmldoc/image.cxx","function":"image_load_bmp"},"id":"CVE-2022-27114-f8105265","digest":{"function_hash":"206302635082091458458529011910038932243","length":4392}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27114.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}