
Mageia 2025-0097: man2html Security Advisory Updates

Mageia
March 15, 2025
Critical security advisory for Mageia affecting man2html with a fix for heap overflow leading to arbitrary writes.

Summary

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. At a minimum, this crashes the program with a segmentation abort if the heap size parameter isn't aligned correctly. In glibc versions before 2.29, if the size parameter is aligned correctly, it allows arbitrary writes anywhere in the program's memory.

References

- https://bugs.mageia.org/show_bug.cgi?id=34072

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAS4Z6KUDJQV22DP5BTQX56WVFT3FF32/

- https://www.cve.org/CVERecord?id=CVE-2021-40647

Resolution

SRPMS

- 9/core/man2html-1.6-6.1.mga9
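
To confirm that a Mageia 9 host carries the fixed build, the installed packages can be compared against the SRPM above. The following is an added example, not part of the advisory or of Mageia's tooling: it assumes the input is the output of `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`, uses a simplified form of rpm's version comparison, and its function names and sample lines are constructed for illustration.

```python
import re

# Fixed source package for Mageia 9, as listed in the advisory.
FIXED_SRPM = "man2html-1.6-6.1.mga9"

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling); returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters and ignores separators.
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run is newer than letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover runs are newer

def split_srpm(srpm):
    """'man2html-1.6-6.1.mga9.src.rpm' -> ('man2html', '1.6', '6.1.mga9')."""
    nvr = srpm[:-len(".src.rpm")] if srpm.endswith(".src.rpm") else srpm
    if nvr.count("-") < 2:
        return None  # e.g. '(none)' for gpg-pubkey entries
    return tuple(nvr.rsplit("-", 2))

def is_fixed(srpm):
    """True if the source package is at or above the advisory's fixed build."""
    _, ver, rel = split_srpm(srpm)
    _, fixed_ver, fixed_rel = split_srpm(FIXED_SRPM)
    return (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) >= 0

def audit(lines):
    """Map each binary package built from the man2html SRPM to True if fixed."""
    status = {}
    for line in lines:
        fields = line.split()
        parts = split_srpm(fields[1]) if len(fields) == 2 else None
        if parts and parts[0] == "man2html":
            status[fields[0]] = is_fixed(fields[1])
    return status

# Constructed sample input (not taken from a real host).
SAMPLE = ["man2html man2html-1.6-6.mga9.src.rpm",
          "bash bash-5.2.15-1.mga9.src.rpm",
          "gpg-pubkey (none)"]

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(pkg, "fixed" if ok else "NOT fixed, update to " + FIXED_SRPM)
```

The release comparison is only meaningful on Mageia 9, the one release for which the advisory lists a fixed package.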

Severity
important

Publication date: 15 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0097.html
Type: security
CVE: CVE-2021-40647
