CVE-2021-23180
📋 TL;DR
CVE-2021-23180 is a null pointer dereference vulnerability in htmldoc versions 1.9.12 and earlier that could allow attackers to execute arbitrary code or cause denial of service. The flaw occurs in the file_extension() function in file.c when processing certain inputs. Anyone using vulnerable versions of htmldoc to convert HTML files to PDF/PS format is potentially affected.
💻 Affected Systems
- htmldoc
📦 What is this software?
Htmldoc by Htmldoc Project
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the htmldoc process, potentially leading to full system compromise.
Likely Case
Application crash causing denial of service, disrupting document conversion services.
If Mitigated
Limited impact with proper sandboxing and privilege separation, potentially just application crash.
🎯 Exploit Status
Exploitation requires crafting malicious input that triggers the null pointer dereference. No public exploit code has been documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 19c582fb32eac74b57e155cffbb529377a9e751a and later versions
Vendor Advisory: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
Restart Required: No
Instructions:
1. Update htmldoc to version 1.9.13 or later.
2. For Linux distributions, use the package manager: 'sudo apt update && sudo apt upgrade htmldoc' (Ubuntu/Debian) or 'sudo yum update htmldoc' (RHEL/CentOS).
3. For source installations, download the latest release from GitHub and recompile.
🔧 Temporary Workarounds
Input validation wrapper
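Linux: Create a wrapper script that validates file extensions before passing input to htmldoc
#!/bin/bash
# Validate that the file has a safe extension before processing.
# The input file is taken from the first argument.
safe_extensions=("html" "htm" "pdf" "ps")
filename="$1"
extension="${filename##*.}"
# A name with no dot has no extension (the expansion above would return the whole name).
[[ "$filename" == *.* ]] || extension=""
for allowed in "${safe_extensions[@]}"; do
  if [[ "$extension" == "$allowed" ]]; then
    # Exact match against one allowed extension: hand all arguments to htmldoc.
    exec htmldoc "$@"
  fi
done
echo "Unsafe file extension: $extension" >&2
exit 1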
🧯 If You Can't Patch
- Run htmldoc in a sandboxed/containerized environment with limited privileges
- Implement strict input validation for all files processed by htmldoc
🔍 How to Verify
Check if Vulnerable:
Check htmldoc version: 'htmldoc --version' or 'dpkg -l | grep htmldoc' or 'rpm -q htmldoc'. If version is 1.9.12 or earlier, system is vulnerable.
Check Version:
htmldoc --version 2>/dev/null || dpkg -l | grep htmldoc || rpm -q htmldoc
Verify Fix Applied:
After update, verify version is 1.9.13 or later using 'htmldoc --version'.
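The version comparison described above can be scripted so that 1.9.9 is not mistaken for a release newer than 1.9.13. This is an added example, not code from the advisory or the htmldoc project; the function names are hypothetical, and it assumes the caller passes only the version field (for example the output of 'htmldoc --version' or the version column of a package listing).

```shell
#!/bin/sh
# Added example: classify an htmldoc version string against the fixed
# release named on this page. Function names are hypothetical.
FIXED_VERSION="1.9.13"

# Print the upstream dotted version at the start of a version string, after
# dropping a packaging epoch ("1:") and ignoring any revision suffix.
upstream_version() {
  printf '%s\n' "$1" | sed -n -e 's/^[0-9][0-9]*://' \
    -e 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p'
}

# version_lt A B: succeed if dotted version A is strictly lower than B.
# Fields are compared numerically, so 1.9.9 sorts below 1.9.13.
version_lt() {
  vl_a=$1 vl_b=$2
  while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
    vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
    [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
    [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
    case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
    case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
  done
  return 1
}

# htmldoc_status VERSION: print "vulnerable", "fixed" or "unknown".
# A distribution package can carry the fix as a backport under an older
# upstream number, so "vulnerable" for a packaged build means: check the
# distribution's advisory for this CVE before concluding.
htmldoc_status() {
  hs_v=$(upstream_version "$1")
  if [ -z "$hs_v" ]; then
    echo unknown
  elif version_lt "$hs_v" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo fixed
  fi
}

# Stand-alone use: sh check.sh "$(htmldoc --version)"
if [ "$#" -gt 0 ]; then
  htmldoc_status "$1"
fi
```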
📡 Detection & Monitoring
Log Indicators:
- Segmentation fault or crash logs from htmldoc process
- Unexpected process termination of htmldoc
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
process_name:"htmldoc" AND (event_type:"crash" OR exit_code:"139")
🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=1967041
- https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
- https://github.com/michaelrsweet/htmldoc/issues/418
- https://ubuntu.com/security/CVE-2021-23180