HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Buffer Overflow
Memory Corruption
Htmldoc
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.7%