CVE-2024-45508 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-45508 at MITRE

Description

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.

SUSE information

Overall state of this security issue: Analysis

This issue is currently rated as having critical severity.

CVSS v3 Scores
	National Vulnerability Database
Base Score	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1230022 [NEW]

SUSE Security Advisories:

openSUSE-SU-2024:0303-1, published Mon Sep 16 22:48:11 2024
openSUSE-SU-2024:0304-1, published Mon Sep 16 22:48:11 2024

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`htmldoc >= 1.9.16-bp155.2.3.1`	Patchnames: openSUSE-2024-304
SUSE Package Hub 15 SP6	`htmldoc >= 1.9.16-bp156.3.3.1`	Patchnames: openSUSE-2024-303
openSUSE Leap 15.5	`htmldoc >= 1.9.16-bp155.2.3.1`	Patchnames: openSUSE-2024-304
openSUSE Leap 15.6	`htmldoc >= 1.9.16-bp156.3.3.1`	Patchnames: openSUSE-2024-303
openSUSE Tumbleweed	`htmldoc >= 1.9.18-2.1`	Patchnames: openSUSE-Tumbleweed-2024-14308

SUSE Timeline for this CVE

CVE page created: Mon Sep 2 02:00:02 2024
CVE page last modified: Fri Sep 20 12:07:49 2024