{"id":"CVE-2021-40648","details":"In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.","modified":"2026-03-14T11:08:54.646498Z","published":"2022-09-09T18:15:09.247Z","references":[{"type":"EVIDENCE","url":"https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40648.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.6g"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}