Upstream information

CVE-2024-45508 at MITRE

Description

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

SUSE information

Overall state of this security issue: Analysis

This issue is currently rated as having critical severity.

CVSS v3 Scores
  National Vulnerability Database
Base Score 9.8
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1230022 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP5
  • htmldoc >= 1.9.16-bp155.2.3.1
Patchnames:
openSUSE-2024-304
SUSE Package Hub 15 SP6
  • htmldoc >= 1.9.16-bp156.3.3.1
Patchnames:
openSUSE-2024-303
openSUSE Leap 15.5
  • htmldoc >= 1.9.16-bp155.2.3.1
Patchnames:
openSUSE-2024-304
openSUSE Leap 15.6
  • htmldoc >= 1.9.16-bp156.3.3.1
Patchnames:
openSUSE-2024-303
openSUSE Tumbleweed
  • htmldoc >= 1.9.18-2.1
Patchnames:
openSUSE-Tumbleweed-2024-14308


SUSE Timeline for this CVE

CVE page created: Mon Sep 2 02:00:02 2024
CVE page last modified: Fri Sep 20 12:07:49 2024