ELA-610-1 htmldoc security update

integer overflow vulnerability

2022-05-13
Packagehtmldoc
Version1.8.27-8+deb8u4
Related CVEs CVE-2022-27114

It was discovered that there was an integer overflow vulnerability in htmldoc, a HTML processor that generates indexed HTML, PS and PDF files. This was caused by a programming error in the image_load_jpeg function due to a conflation or confusion of declared/expected/observed image dimensions.

For Debian 8 Jessie, these problems have been fixed in version 1.8.27-8+deb8u4.

We recommend that you upgrade your htmldoc packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/