{"id":"CVE-2021-26259","details":"A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.","modified":"2026-04-16T04:44:33.879550644Z","published":"2022-03-03T23:15:08.033Z","references":[{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/issues/417"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"df5d3010151a506c5ca138548aac02b37fb421f9"},{"fixed":"0ddab26a542c74770317b622e985c52430092ba5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.12"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures_modified":"2026-04-11T13:54:01Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26259.json","vanir_signatures":[{"digest":{"function_hash":"218600234448216911841660260788939554713","length":18849},"id":"CVE-2021-26259-37ceda0f","source":"https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5","signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"function":"parse_table","file":"htmldoc/ps-pdf.cxx"}},{"digest":{"threshold":0.9,"line_hashes":["128876379327595083749542655696666889053","1370456498593750211965591516481733423","331804863011766768119981050720580677248","71453109669892415954646897573039313403","106116800201430848436286106325316001017","327026003027898287717106552398915188505","306706953111438797027416819109067996868","110475806869598580633798762542186652114","55090705300056202677268560906500099448","242866399911546360796033970475891353232","5217088837738141738956783096632921364","273001271368785694587954732885270907040","85298345999575269436669017595823913349","95111104423967790106159557893680432836","80604782751749119024999348504065092718","332247156897573209822998227964581598368","301785530285531026378490276103780302823","284283748358876178501742033099199384904","149119825468574545897235668783095941791","193405809906678048121475003475697584228","264908543890448556101165051533910778339","298821356758397744157679507570076079462"]},"deprecated":false,"source":"https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5","signature_version":"v1","signature_type":"Line","target":{"file":"htmldoc/ps-pdf.cxx"},"id":"CVE-2021-26259-b6f9013e"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}