{"id":"CVE-2022-34035","details":"HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.","modified":"2026-04-12T02:57:01.370639Z","published":"2022-07-18T21:15:08.127Z","references":[{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3"},{"type":"FIX","url":"https://github.com/michaelrsweet/htmldoc/issues/426"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/michaelrsweet/htmldoc","events":[{"introduced":"0"},{"last_affected":"df5d3010151a506c5ca138548aac02b37fb421f9"},{"fixed":"a0014be47d614220db111b360fb6170ef6f3937e"},{"fixed":"ee778252faebb721afba5a081dd6ad7eaf20eef3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.12"}]}}],"versions":["v1.8.30","v1.9","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T02:57:01Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-34035.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["11010690573073373580475564536898215144","236316283598532968317843142618347846715","145973939134357512795454432063857196233","138927736457626378013633625171807371122"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3","target":{"file":"htmldoc/htmlsep.cxx"},"id":"CVE-2022-34035-0c439e4a"},{"digest":{"threshold":0.9,"line_hashes":["234785802684792096917207989401605288278","107672797784367060433788604832715650575","126775171584662616747868599505292290663","141977703225416445065225212901493540205","138808994154111565723513260536960505260","158664751007983522563107000516190651111","245598300303168395589188424596280455781","114467633332899921658977922439920740892","64780672789368538494132268719342144961","202423935383213673756913408541880303964","160910629128377498137551931738960734278","113945988469408376540251915538173454550","127316884730954973287442813256628260259","121593319098276441906138329850905266813","277240015104719155192838511861601358151","84569678992013683809641059764502864028"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e","target":{"file":"htmldoc/htmllib.cxx"},"id":"CVE-2022-34035-1fbddf92"},{"digest":{"threshold":0.9,"line_hashes":["281283668154379978146099682993417865941","11010690573073373580475564536898215144","236316283598532968317843142618347846715","145973939134357512795454432063857196233","138927736457626378013633625171807371122"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3","target":{"file":"htmldoc/html.cxx"},"id":"CVE-2022-34035-77d4de2d"},{"digest":{"function_hash":"175863848132261062858669516373905615154","length":3580},"signature_version":"v1","deprecated":false,"signature_type":"Function","source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3","target":{"file":"htmldoc/htmlsep.cxx","function":"write_node"},"id":"CVE-2022-34035-7e1e90f6"},{"digest":{"threshold":0.9,"line_hashes":["262806988648920606190884753042407998572","242810262689368385328692602182116265446","312538155704082972608823509445976074895","278788631131752346286035340557475704262","190177450537050358124259763931810504927","20478792993146418444206333529513627782","102043806513715176829813927614663154016","124765032087851127907750529542039045826","62241978059388003535691878735061670763","27784967264506964768214472104567925846"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e","target":{"file":"htmldoc/testhtml.cxx"},"id":"CVE-2022-34035-af65db43"},{"digest":{"function_hash":"139865939855947168328976917133857666007","length":3595},"signature_version":"v1","deprecated":false,"signature_type":"Function","source":"https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3","target":{"file":"htmldoc/html.cxx","function":"write_node"},"id":"CVE-2022-34035-b914cac3"},{"digest":{"function_hash":"278557957529530301282223491898702162415","length":339},"signature_version":"v1","deprecated":false,"signature_type":"Function","source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e","target":{"file":"htmldoc/testhtml.cxx","function":"show_tree"},"id":"CVE-2022-34035-ccd1aa28"},{"digest":{"function_hash":"76173524937074759609021912018594316081","length":677},"signature_version":"v1","deprecated":false,"signature_type":"Function","source":"https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e","target":{"file":"htmldoc/htmllib.cxx","function":"htmlGetText"},"id":"CVE-2022-34035-dba96d92"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}