Published: 09/09/2022 Updated: 08/08/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
man2html project man2html 1.6g

Debian Bug report logs - #1021738 man2html: CVE-2021-40647 CVE-2021-40648 Package: src:man2html; Maintainer for src:man2html is Robert Luberda <robert@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 13 Oct 2022 19:18:02 UTC Severity: important Tags: security, upstream Reply or subscribe ...

Debian Bug report logs - #1062069 man2html: CVE-2021-40648 Package: src:man2html; Maintainer for src:man2html is Robert Luberda <robert@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 13 Oct 2022 19:18:02 UTC Severity: important Tags: moreinfo, security, upstream Reply or subscribe to t ...

CWE-787 https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021738

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-40647

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect