Source: man2html
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for man2html.

CVE-2021-40647[0]:
| In man2html 1.6g, a specific string being read in from a file will
| overwrite the size parameter in the top chunk of the heap. This at
| least causes the program to segmentation abort if the heap size
| parameter isn't aligned correctly. In version before GLIBC version
| 2.29 and aligned correctly, it allows arbitrary write anywhere in the
| programs memory.

CVE-2021-40648[1]:
| In man2html 1.6g, a filename can be created to overwrite the previous
| size parameter of the next chunk and the fd, bk, fd_nextsize,
| bk_nextsize of the current chunk. The next chunk is then freed later
| on, causing a freeing of an arbitrary amount of memory.

https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-40647
    https://www.cve.org/CVERecord?id=CVE-2021-40647
[1] https://security-tracker.debian.org/tracker/CVE-2021-40648
    https://www.cve.org/CVERecord?id=CVE-2021-40648

Please adjust the affected versions in the BTS as needed.

