Debian-LTS has issued an advisory on May 13: https://www.debian.org/lts/security/2022/dla-3004 The issue is fixed upstream in 1.9.16. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.9.16
CC: (none) => nicolas.salguero
Suggested advisory:
========================

The updated packages fix a security vulnerability:

There is a vulnerability in htmldoc 1.9.16. In the image_load_jpeg function in image.cxx, when it calls malloc, 'img->width' and 'img->height' are large enough to cause an integer overflow. So, the malloc function may return a heap block smaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. (CVE-2022-27114)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27114
https://www.debian.org/lts/security/2022/dla-3004
========================

Updated packages in core/updates_testing:
========================
htmldoc-1.9.15-1.1.mga8
htmldoc-nogui-1.9.15-1.1.mga8

from SRPM:
htmldoc-1.9.15-1.1.mga8.src.rpm
Status comment: Fixed upstream in 1.9.16 => (none)
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Assignee: bugsquad => qa-bugs
CVE: (none) => CVE-2022-27114
Status: NEW => ASSIGNED
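The overflow class described in the advisory above, as an added C example that is not htmldoc's code and not part of this bug report: an unchecked width * height * depth size next to an overflow-checked allocation. The struct, the function names, the depth field, the 1 GiB limit and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image header: width and height mirror the fields named in
   the advisory; depth (bytes per pixel) is an assumption. */
struct img_hdr { int width, height, depth; };

/* Unchecked pattern, modelled with uint32_t so the wrap is well defined:
   the 32-bit product can be far smaller than the real pixel buffer size. */
static uint32_t unchecked_size(const struct img_hdr *h)
{
    return (uint32_t)h->width * (uint32_t)h->height * (uint32_t)h->depth;
}

/* Checked pattern: reject non-positive dimensions and any product above
   `limit`, testing by division before each multiply. Returns 0 on success. */
static int checked_size(const struct img_hdr *h, size_t limit, size_t *out)
{
    if (h->width <= 0 || h->height <= 0 || h->depth <= 0)
        return -1;
    size_t w = (size_t)h->width, ht = (size_t)h->height, d = (size_t)h->depth;
    if (w > limit / ht)
        return -1;                  /* w * ht would exceed limit */
    if (w * ht > limit / d)
        return -1;                  /* w * ht * d would exceed limit */
    *out = w * ht * d;
    return 0;
}

/* Allocate the pixel buffer only when the size has been validated. */
static unsigned char *alloc_pixels(const struct img_hdr *h, size_t limit)
{
    size_t n;
    if (checked_size(h, limit, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    struct img_hdr big = { 0x10000, 0x10001, 1 };   /* constructed sample */
    printf("wrapped size: %lu\n", (unsigned long)unchecked_size(&big));
    printf("checked alloc: %s\n",
           alloc_pixels(&big, (size_t)1 << 30) ? "allocated" : "rejected");
    return 0;
}
```

A decoder that writes rows based on the header dimensions into a buffer sized by the wrapped value writes past the end of the heap block; the checked path refuses the image before any allocation.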
mga8-64 Plasma. No installation issues. Tested as in https://bugs.mageia.org/show_bug.cgi?id=29914#c3 and both gui and nogui versions produced a pdf file that was readable in Okular. The pdf did not look exactly as the html files looked in Firefox, but that was a feature. They were reformatted for a standard sheet of paper, rather than for a 24-inch monitor screen. Looks OK here. Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0191.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED