openSUSE has issued an advisory on February 17: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3NVMNRQWPBYKG2XDRDYA4JPEMALW53MA/ The issue is fixed upstream in 1.9.15. Mageia 8 is also affected.
CC: (none) => nicolas.salgueroStatus comment: (none) => Fixed upstream in 1.9.15Whiteboard: (none) => MGA8TOO
Suggested advisory: ======================== The updated packages fix a security vulnerability: A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). (CVE-2022-0534) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0534 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3NVMNRQWPBYKG2XDRDYA4JPEMALW53MA/ ======================== Updated packages in core/updates_testing: ======================== htmldoc-1.9.15-1.mga8 htmldoc-nogui-1.9.15-1.mga8 from SRPM: htmldoc-1.9.15-1.mga8.src.rpm
Assignee: bugsquad => qa-bugsCVE: (none) => CVE-2022-0534Status: NEW => ASSIGNEDVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 1.9.15 => (none)
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues used htmldoc to convert oe of my own webpages tp pdf. First try failed with message "Did you rememeber to set webpage mode?" After selecting that option in the Input tab, I could generate a deent looking pdf file. So OK for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0082.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
This update also fixed CVE-2022-24191: https://bugzilla.suse.com/show_bug.cgi?id=1198204