...
Commonly distributed 3rd party executables with CVE score Critical and High
date | CVE | library | description | versions | Risk for Delft-FEWS | JIRA | upgrade strategy |
---|---|---|---|---|---|---|---|
Apr 2022 | CVE-2022-28085 | htmldoc (optionally supplied component not part of the Delft-FEWS binaries) | A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). | Up to 2022-03-24 | Up to (excluding) 2022-03-24 | FEWS-27693 |
When using htmldoc, the end-user must be supplied with updated version from https://github.com/michaelrsweet/htmldoc/releases |