A heap buffer overflow in image_set_mask function of HTMLDOC prior to 1.9.15 allows an malicious user to write outside the buffer boundaries.
htmldoc project htmldoc