CVE-2021-26259

7.8 HIGH

📋 TL;DR

CVE-2021-26259 is a heap buffer overflow vulnerability in htmldoc's render_table_row() function that could allow attackers to execute arbitrary code or cause denial of service. This affects systems running htmldoc v1.9.12 when processing malicious HTML documents containing specially crafted tables.

💻 Affected Systems

Products:
  • htmldoc
Versions: v1.9.12
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of htmldoc v1.9.12 are vulnerable when processing HTML documents containing tables.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the htmldoc process, potentially leading to full system compromise.

🟠 Likely Case: Denial of service through application crashes when processing malicious documents.

🟢 If Mitigated: Limited impact if htmldoc runs with minimal privileges and in isolated environments.

🌐 Internet-Facing: LOW - htmldoc is typically used as a document conversion tool, not as an internet-facing service.
🏢 Internal Only: MEDIUM - Could be exploited through malicious documents processed internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the victim to process a malicious HTML document. Proof-of-concept code is available in the GitHub issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 0ddab26a542c74770317b622e985c52430092ba5 and later versions

Vendor Advisory: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5

Restart Required: No

Instructions:

1. Update htmldoc to the latest version from the official repository.
2. Recompile if using source code.
3. Replace existing htmldoc binary with the patched version.

🔧 Temporary Workarounds

Disable table processing (platform: all)

Avoid processing HTML documents containing tables with htmldoc.

Run with reduced privileges (platform: linux)

Execute htmldoc with minimal user privileges to limit potential damage:

sudo -u nobody htmldoc document.html

🧯 If You Can't Patch

  • Restrict htmldoc usage to trusted documents only
  • Implement sandboxing or containerization for htmldoc processes

🔍 How to Verify

Check if Vulnerable:

Check htmldoc version: htmldoc --version. If output shows v1.9.12, the system is vulnerable.

Check Version:

htmldoc --version

Verify Fix Applied:

Verify version is newer than v1.9.12 or check if commit 0ddab26a542c74770317b622e985c52430092ba5 is included in the build.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs from htmldoc process
  • Unusual memory allocation patterns

Network Indicators:

  • Not applicable - this is a local file processing vulnerability

SIEM Query:

Process:name="htmldoc" AND (EventID="1000" OR Signal="SIGSEGV")
