Upstream information

CVE-2009-3050 at MITRE

Description

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores

                         National Vulnerability Database
Base Score               10
Vector                   AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector            Network
Access Complexity        Low
Authentication           None
Confidentiality Impact   Complete
Integrity Impact         Complete
Availability Impact      Complete

SUSE Bugzilla entries: 523721 [RESOLVED / DUPLICATE], 535943 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Subscription Management Tool 11
  • htmldoc >= 1.8.27-170.4.1
Patchnames:
slesmtsp0-htmldoc
SUSE Linux Enterprise SDK 10 SP3
  • htmldoc >= 1.8.25-13.8.1
sle10-sp3-sdk.ia64
sle10-sp3-sdk.x86-64
sle10-sp3-sdk.ppc
sle10-sp3-sdk.x86
sle10-sp3-sdk.s390x
ZYPP Patch Nr: 6717
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • htmldoc >= 1.8.24-3.6
core9.s390
core9.s390x
core9.ppc
core9.ia64
core9.x86
core9.x86-64
YOU Patch Nr: 12560
Subscription Management Tool 11
  • htmldoc >= 1.8.27-170.1.1
smt11.s390x
smt11.x86
smt11.x86-64
SAT Patch Nr: 1681
openSUSE 11.0
  • htmldoc-debuginfo >= 1.8.27-136.2
  • htmldoc-debugsource >= 1.8.27-136.2
openSUSE 11.0
  • htmldoc >= 1.8.27-136.2
openSUSE 11.1
  • htmldoc-debuginfo >= 1.8.27-1.114.1
  • htmldoc-debugsource >= 1.8.27-1.114.1
openSUSE 11.1
  • htmldoc >= 1.8.27-1.114.1
openSUSE 11.2
  • htmldoc-debuginfo >= 1.8.27-173.4.1
  • htmldoc-debugsource >= 1.8.27-173.4.1
openSUSE 11.2
  • htmldoc >= 1.8.27-173.4.1
SUSE Linux Enterprise SDK 10 SP2
  • htmldoc >= 1.8.25-13.8.1
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.s390x
sle10-sp2-sdk.x86
sle10-sp2-sdk.ia64
sle10-sp2-sdk.ppc
ZYPP Patch Nr: 6716
openSUSE Leap 42.1
  • htmldoc >= 1.8.28-3.3
Patchnames:
openSUSE Leap 42.1 GA htmldoc
openSUSE Leap 42.2
  • htmldoc >= 1.8.28-4.4
Patchnames:
openSUSE Leap 42.2 GA htmldoc
openSUSE Leap 42.3
  • htmldoc >= 1.8.28-6.1
Patchnames:
openSUSE Leap 42.3 GA htmldoc
openSUSE Tumbleweed
  • htmldoc >= 1.8.28-2.4
Patchnames:
openSUSE Tumbleweed GA htmldoc


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also, information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s)                               Source package   State
SUSE Subscription Management Tool 11.0   htmldoc          Released
SUSE Subscription Management Tool 11.3   htmldoc          Released