CVE-2022-27114

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-190
View all →

Vulnerability Description

There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.

Related Vulnerabilities

CVE-2011-4097

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termin...

CWE-1902011

CVE-2012-0038

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, l...

CWE-1902012

CVE-2015-1526

MEDIUM
CVSS:5.5(Medium)

The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.

CWE-1902015

CVE-2015-4645

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which tri...

CWE-1902015

CVE-2015-8933

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted...

CWE-1902015

CVE-2016-3712

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

CWE-1902016