N/A

Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.

N/A

N/A

HTMLDOC html文件处理栈溢出漏洞

HTMLDOC是用于将HTML文件和网页转换为适合在线查看和打印的索引HTML、PostScript和PDF文件的工具。 HTMLDOC的htmldoc/util.cxx文件中的sscanf()和set_page_size()函数存在栈溢出漏洞。如果用户受骗打开了包含有特制MEDIA SIZE标注的HTML文档的话，就可以触发这个溢出，导致执行任意指令。

N/A

N/A