OPENSUSE-SU-2026:20219-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 16:07 - Updated: 2026-02-13 16:07
Summary
Security update for htmldoc
Notes
Title of the patch
Security update for htmldoc
Description of the patch
This update for htmldoc fixes the following issues:
Changes in htmldoc:
- CVE-2024-46478: Fixed buffer overflow when handling tabs through the parse_pre function (bsc#1232380).
- version update to 1.9.23:
  * Fixed a regression in list handling that caused a crash for empty list items (Issue #553)
  * Fixed a regression in the number of rendered table of contents levels in PDF and PostScript output (Issue #554)
- version update to 1.9.22:
  * Added a "--without-http" configure option to build without CUPS HTTP/HTTPS support (Issue #547)
  * Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x.
  * Updated the maximum image dimension to prevent integer overflow on 32-bit platforms (Issue #550)
  * Updated the HTML parser to correctly report the line number of errors in files with more than 2^32-1 lines (Issue #551)
  * Fixed a crash bug with certain markdown files (Issue #548)
  * Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552)
- version update to 1.9.21
  * Updated HTTP/HTTPS connection error reporting to include the reason.
  * Updated markdown parser.
  * Updated the HTTP/HTTPS connection timeout to 5 minutes (Issue #541)
  * Fixed a bug in the new PDF link code (Issue #536)
  * Fixed a bug in the number-up code (Issue #539)
  * Fixed a regression in leading whitespace handling (Issue #540)
  * Fixed a bug in numbered heading support (Issue #543)
  * Fixed a bug with setting the header on the first page (Issue #544)
  * Fixed paths in the HTMLDOC snap (Issue #545)
- update to 1.9.20:
  * Fix a regression that caused spaces to disappear between some words
  * Fix resolution of relative links within a document
- includes changes from 1.9.19:
  * Add support for ‘file’ method in links
  * Update markdown support code to mmd
  * Fix hyperlinks to subfolders
  * Fix export of UTF-8 HTML
  * Fix handling of whitespace-only nodes
  * Fix case sensitivity of link targets
Patchnames
openSUSE-Leap-16.0-packagehub-128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for htmldoc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for htmldoc fixes the following issues:\n\nChanges in htmldoc:\n\n- CVE-2024-46478: Fixed buffer overflow when handling tabs through the parse_pre function (bsc#1232380).\n\n- version update to 1.9.23:\n * Fixed a regression in list handling that caused a crash for empty list items\n (Issue #553)\n * Fixed a regression in the number of rendered table of contents levels in PDF\n and PostScript output (Issue #554)\n\n- version update to 1.9.22:\n * Added a \"--without-http\" configure option to build without CUPS HTTP/HTTPS\n support (Issue #547)\n * Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x.\n * Updated the maximum image dimension to prevent integer overflow on 32-bit\n platforms (Issue #550)\n * Updated the HTML parser to correctly report the line number of errors in files\n with more than 2^32-1 lines (Issue #551)\n * Fixed a crash bug with certain markdown files (Issue #548)\n * Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552)\n\n- version update to 1.9.21\n * Updated HTTP/HTTPS connection error reporting to include the reason.\n * Updated markdown parser.\n * Updated the HTTP/HTTPS connection timeout to 5 minutes (Issue #541)\n * Fixed a bug in the new PDF link code (Issue #536)\n * Fixed a bug in the number-up code (Issue #539)\n * Fixed a regression in leading whitespace handling (Issue #540)\n * Fixed a bug in numbered heading support (Issue #543)\n * Fixed a bug with setting the header on the first page (Issue #544)\n * Fixed paths in the HTMLDOC snap (Issue #545)\n\n- update to 1.9.20:\n * Fix a regression that caused spaces to disappear between some words\n * Fix resolution of relative links within a document\n\n- includes changes from 1.9.19:\n * Add support for \u2018file\u2019 method in links\n * Update markdown support code to mmd\n * Fix hyperlinks to subfolders\n * Fix export of UTF-8 HTML\n * Fix handling of whitespace-only nodes\n * Fix case sensitivity of link targets\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20219-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1232380",
"url": "https://bugzilla.suse.com/1232380"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45508 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-46478 page",
"url": "https://www.suse.com/security/cve/CVE-2024-46478/"
}
],
"title": "Security update for htmldoc",
"tracking": {
"current_release_date": "2026-02-13T16:07:48Z",
"generator": {
"date": "2026-02-13T16:07:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20219-1",
"initial_release_date": "2026-02-13T16:07:48Z",
"revision_history": [
{
"date": "2026-02-13T16:07:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "htmldoc-1.9.23-bp160.1.1.aarch64",
"product": {
"name": "htmldoc-1.9.23-bp160.1.1.aarch64",
"product_id": "htmldoc-1.9.23-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "htmldoc-1.9.23-bp160.1.1.ppc64le",
"product": {
"name": "htmldoc-1.9.23-bp160.1.1.ppc64le",
"product_id": "htmldoc-1.9.23-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "htmldoc-1.9.23-bp160.1.1.s390x",
"product": {
"name": "htmldoc-1.9.23-bp160.1.1.s390x",
"product_id": "htmldoc-1.9.23-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "htmldoc-1.9.23-bp160.1.1.x86_64",
"product": {
"name": "htmldoc-1.9.23-bp160.1.1.x86_64",
"product_id": "htmldoc-1.9.23-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "htmldoc-1.9.23-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64"
},
"product_reference": "htmldoc-1.9.23-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "htmldoc-1.9.23-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le"
},
"product_reference": "htmldoc-1.9.23-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "htmldoc-1.9.23-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x"
},
"product_reference": "htmldoc-1.9.23-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "htmldoc-1.9.23-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
},
"product_reference": "htmldoc-1.9.23-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45508"
}
],
"notes": [
{
"category": "general",
"text": "HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45508",
"url": "https://www.suse.com/security/cve/CVE-2024-45508"
},
{
"category": "external",
"summary": "SUSE Bug 1230022 for CVE-2024-45508",
"url": "https://bugzilla.suse.com/1230022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T16:07:48Z",
"details": "critical"
}
],
"title": "CVE-2024-45508"
},
{
"cve": "CVE-2024-46478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-46478"
}
],
"notes": [
{
"category": "general",
"text": "HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-46478",
"url": "https://www.suse.com/security/cve/CVE-2024-46478"
},
{
"category": "external",
"summary": "SUSE Bug 1232380 for CVE-2024-46478",
"url": "https://bugzilla.suse.com/1232380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.aarch64",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.s390x",
"openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T16:07:48Z",
"details": "critical"
}
],
"title": "CVE-2024-46478"
}
]
}