CVE-2021-43579

7.8 HIGH

📋 TL;DR

CVE-2021-43579 is a stack-based buffer overflow vulnerability in HTMLDOC's BMP image processing function that allows remote code execution when processing malicious BMP files. This affects users who convert HTML documents containing external BMP images using HTMLDOC version 1.9.13 and earlier. Attackers can exploit this by tricking victims into converting documents with crafted BMP files.

💻 Affected Systems

Products:
  • HTMLDOC
Versions: <= 1.9.13
Operating Systems: All platforms where HTMLDOC runs (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing HTML documents containing external BMP images. Local file processing may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full remote code execution with the privileges of the HTMLDOC process, potentially leading to complete system compromise, data theft, or lateral movement.

🟠 Likely Case

Remote code execution leading to malware installation, data exfiltration, or system disruption on vulnerable systems.

🟢 If Mitigated

Denial of service or application crash if exploit fails or protections like ASLR/DEP are effective.

🌐 Internet-Facing: MEDIUM - Requires user interaction to convert malicious documents, but web services using HTMLDOC for document conversion could be directly targeted.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing with malicious documents requiring conversion.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exists in GitHub issues. Exploitation requires the victim to process a malicious document, but no authentication is needed for the vulnerability itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.14 and later

Vendor Advisory: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b

Restart Required: No

Instructions:

1. Download HTMLDOC 1.9.14 or later from the official repository.
2. Compile and install according to platform instructions.
3. Replace the existing HTMLDOC binary with the patched version.

🔧 Temporary Workarounds

Disable BMP processing (platform: all)

Modify HTMLDOC configuration or source to disable BMP image loading functionality

# Requires source code modification in image.c or compile-time flags

Input validation (platform: linux)

Implement pre-processing to validate/sanitize BMP files before HTMLDOC processing

# Use tools like file or imagemagick to validate BMP files before processing
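One way to implement the input-validation workaround above is a header consistency check run on each BMP before it reaches HTMLDOC. This is an added example, not HTMLDOC code and not from the advisory. The advisory does not say which header field triggers the overflow, so the checks are general BMP sanity rules; `check_bmp`, `make_bmp`, `MAX_DIM` and the 256-entry palette cap are assumptions chosen for illustration.

```python
import struct

MAX_DIM = 16384                          # assumed policy limit, not from the advisory
KNOWN_HEADERS = {40, 52, 56, 108, 124}   # BITMAPINFOHEADER family sizes

def check_bmp(data: bytes) -> list:
    """Return reasons to reject the file; an empty list means the header is consistent."""
    if len(data) < 54:
        return ["too short for file header + BITMAPINFOHEADER"]
    magic, _size, _r1, _r2, pix_off = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        return ["missing 'BM' magic"]
    (hdr, width, height, planes, bpp, comp, _isz, _x, _y,
     used, _imp) = struct.unpack_from("<IiiHHIIiiII", data, 14)
    bad = []
    if hdr not in KNOWN_HEADERS:
        bad.append(f"unexpected header size {hdr}")
    if planes != 1:
        bad.append(f"planes={planes}, must be 1")
    if bpp not in (1, 4, 8, 16, 24, 32):
        bad.append(f"unsupported bit depth {bpp}")
    if not (0 < width <= MAX_DIM and 0 < abs(height) <= MAX_DIM):
        bad.append(f"implausible dimensions {width}x{height}")
    if comp not in (0, 1, 2, 3):
        bad.append(f"unknown compression {comp}")
    # Declared palette entries must fit the bit depth; 256 is a policy cap for deep images.
    indexed = bpp in (1, 4, 8)
    limit = (1 << bpp) if indexed else 256
    if used > limit:
        bad.append(f"colors_used={used} exceeds {limit} for {bpp} bpp")
    # The palette must fit between the headers and the pixel data, inside the file.
    entries = used or ((1 << bpp) if indexed else 0)
    if not (14 + hdr + 4 * entries <= pix_off <= len(data)):
        bad.append("pixel data offset inconsistent with header and palette")
    return bad

def make_bmp(bpp=8, used=0, width=2, height=2) -> bytes:
    """Constructed sample input: uncompressed BMP with zeroed palette and pixels."""
    entries = used or ((1 << bpp) if bpp <= 8 else 0)
    palette = bytes(4 * min(entries, 256))
    pixels = bytes(((width * bpp + 31) // 32) * 4 * abs(height))
    off = 54 + len(palette)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                       len(pixels), 2835, 2835, used, 0)
    return struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off) + info + palette + pixels

if __name__ == "__main__":
    for name, blob in [("ok-8bpp", make_bmp()), ("big-palette", make_bmp(used=1000))]:
        print(name, check_bmp(blob) or "accepted")
```

A filter like this reduces exposure to malformed headers but does not replace upgrading to 1.9.14 or later.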

🧯 If You Can't Patch

  • Restrict HTMLDOC usage to trusted users and documents only
  • Implement network segmentation to isolate HTMLDOC systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check HTMLDOC version: htmldoc --version

Check Version:

htmldoc --version 2>&1 || dpkg -l | grep htmldoc || rpm -qa | grep htmldoc

Verify Fix Applied:

Verify version is 1.9.14 or later and test with known safe BMP files

📡 Detection & Monitoring

Log Indicators:

  • HTMLDOC process crashes with segmentation faults
  • Unexpected child processes spawned from HTMLDOC

Network Indicators:

  • Downloads of BMP files followed by HTMLDOC execution
  • Outbound connections from HTMLDOC process

SIEM Query:

process_name:"htmldoc" AND (event_type:"process_crash" OR child_process_count > 0)
