{"id":"CVE-2021-23206","details":"A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf.cxx may lead to execute arbitrary code and denial of service.","modified":"2026-04-16T04:43:12.675340651Z","published":"2022-03-02T23:15:08.460Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/CVE-2021-23206"},{"type":"REPORT","url":"https://github.com/michaelrsweet/htmldoc/issues/416"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1967028"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"df5d3010151a506c5ca138548aac02b37fb421f9"},{"fixed":"ba61a3ece382389ae4482c7027af8b32e8ab4cc8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.12"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","target":{"file":"htmldoc/ps-pdf.cxx","function":"render_table_row"},"digest":{"length":16179,"function_hash":"286740561967303496883007309346580622876"},"deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8","id":"CVE-2021-23206-1b6a26db"},{"signature_type":"Line","signature_version":"v1","target":{"file":"htmldoc/ps-pdf.cxx"},"digest":{"line_hashes":["226305219384265653921651652291527168498","312786812986221524017030466711465721759","248881942351859967399891898708216035900","100044695840884250015235649283980975188","67369235504030147037387646618481637029","68560888885934909608735818683816569441","283399597847895068512198141070330852352","207968872124558090440769507997069876452","202211541399609575394648521218735327191","111931546384935815270989048337050235836","91871316662392284632946802558202801936","40200726183932834868101819092894647972","26357264643605942196638892146108110582","47340553285007915119623372580896477598","114870920087860501124723412437940591453","218953146322284919093319144259412888686"],"threshold":0.9},"deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8","id":"CVE-2021-23206-779113e7"},{"signature_type":"Function","signature_version":"v1","id":"CVE-2021-23206-858b0bab","digest":{"length":19153,"function_hash":"233701428516035447414400569068903417021"},"deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8","target":{"file":"htmldoc/ps-pdf.cxx","function":"parse_table"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23206.json","vanir_signatures_modified":"2026-04-11T13:53:52Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}