{"id":"CVE-2022-0534","details":"A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).","modified":"2026-04-16T04:39:30.446750163Z","published":"2022-02-09T23:15:16.767Z","related":["SUSE-SU-2022:14898-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/02/msg00022.html"},{"type":"REPORT","url":"https://github.com/michaelrsweet/htmldoc/issues/463"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"b66755a38ac6b05275f4bb20ff2e854ef515dba9"},{"fixed":"312f0f9c12f26fbe015cd0e6cefa40e4b99017d9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.15"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.13","v1.9.14","v1.9.15","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"vanir_signatures_modified":"2026-04-12T09:22:00Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0534.json","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"61006888649969542788776187617613035012","length":1018},"source":"https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9","target":{"function":"gif_read_image","file":"htmldoc/image.cxx"},"id":"CVE-2022-0534-04cbff3a","deprecated":false},{"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["217608819493624789691786009379105025882","39718001466982375851625521278008146146","220843239006393782119396818274077327800","135412956098730307979935368414269789938","279047646562669804342462782780734892588","40987235627613882659394359311630063746","323702403332425694384612584592530196892"]},"source":"https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9","target":{"file":"htmldoc/image.cxx"},"id":"CVE-2022-0534-50a64bb0","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}