{"id":"CVE-2022-34035","details":"HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.","modified":"2026-04-12T02:57:01.370639Z","published":"2022-07-18T21:15:08.127Z","references":[{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/issues/426"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"df5d3010151a506c5ca138548aac02b37fb421f9"},{"fixed":"a0014be47d614220db111b360fb6170ef6f3937e"},{"fixed":"ee778252faebb721afba5a081dd6ad7eaf20eef3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.12"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures":[{"id":"CVE-2022-34035-0c439e4a","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["11010690573073373580475564536898215144","236316283598532968317843142618347846715","145973939134357512795454432063857196233","138927736457626378013633625171807371122"],"threshold":0.9},"signature_version":"v1","target":{"file":"htmldoc/htmlsep.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"id":"CVE-2022-34035-1fbddf92","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["234785802684792096917207989401605288278","107672797784367060433788604832715650575","126775171584662616747868599505292290663","141977703225416445065225212901493540205","138808994154111565723513260536960505260","158664751007983522563107000516190651111","245598300303168395589188424596280455781","114467633332899921658977922439920740892","64780672789368538494132268719342144961","202423935383213673756913408541880303964","160910629128377498137551931738960734278","113945988469408376540251915538173454550","127316884730954973287442813256628260259","121593319098276441906138329850905266813","277240015104719155192838511861601358151","84569678992013683809641059764502864028"],"threshold":0.9},"signature_version":"v1","target":{"file":"htmldoc/htmllib.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"},{"id":"CVE-2022-34035-77d4de2d","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["281283668154379978146099682993417865941","11010690573073373580475564536898215144","236316283598532968317843142618347846715","145973939134357512795454432063857196233","138927736457626378013633625171807371122"],"threshold":0.9},"signature_version":"v1","target":{"file":"htmldoc/html.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"id":"CVE-2022-34035-7e1e90f6","deprecated":false,"signature_type":"Function","digest":{"length":3580,"function_hash":"175863848132261062858669516373905615154"},"signature_version":"v1","target":{"function":"write_node","file":"htmldoc/htmlsep.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"id":"CVE-2022-34035-af65db43","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["262806988648920606190884753042407998572","242810262689368385328692602182116265446","312538155704082972608823509445976074895","278788631131752346286035340557475704262","190177450537050358124259763931810504927","20478792993146418444206333529513627782","102043806513715176829813927614663154016","124765032087851127907750529542039045826","62241978059388003535691878735061670763","27784967264506964768214472104567925846"],"threshold":0.9},"signature_version":"v1","target":{"file":"htmldoc/testhtml.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"},{"id":"CVE-2022-34035-b914cac3","deprecated":false,"signature_type":"Function","digest":{"length":3595,"function_hash":"139865939855947168328976917133857666007"},"signature_version":"v1","target":{"function":"write_node","file":"htmldoc/html.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"id":"CVE-2022-34035-ccd1aa28","deprecated":false,"signature_type":"Function","digest":{"length":339,"function_hash":"278557957529530301282223491898702162415"},"signature_version":"v1","target":{"function":"show_tree","file":"htmldoc/testhtml.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"},{"id":"CVE-2022-34035-dba96d92","deprecated":false,"signature_type":"Function","digest":{"length":677,"function_hash":"76173524937074759609021912018594316081"},"signature_version":"v1","target":{"function":"htmlGetText","file":"htmldoc/htmllib.cxx"},"source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"}],"vanir_signatures_modified":"2026-04-12T02:57:01Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34035.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}