CVE-2022-23850

7.8 HIGH

📋 TL;DR

CVE-2022-23850 is a stack-based buffer overflow vulnerability in epub2txt's xhtml_translate_entity function that allows remote code execution via a specially crafted EPUB document. This affects users who process untrusted EPUB files with epub2txt versions through 2.02. Attackers can exploit this to execute arbitrary code with the privileges of the epub2txt process.

💻 Affected Systems

Products:
  • epub2txt (epub2txt2)
Versions: through 2.02
Operating Systems: All platforms where epub2txt runs (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using epub2txt to process EPUB files from untrusted sources is vulnerable.

📦 What is this software?

epub2txt (the epub2txt2 project on GitHub) is a command-line utility that converts EPUB e-books to plain text for reading in a terminal.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, or pivot to other systems.

🟢 If Mitigated

Denial of service if exploit fails or is detected by security controls.

🌐 Internet-Facing: MEDIUM - Requires user to process malicious EPUB file, but automated systems processing untrusted content are at higher risk.
🏢 Internal Only: LOW - Typically requires user interaction with malicious files, though automated document processing systems could be vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the victim to process a malicious EPUB file. Public proof-of-concept exists in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.03 and later

Vendor Advisory: https://github.com/kevinboone/epub2txt2/issues/17

Restart Required: No

Instructions:

1. Check the current version with 'epub2txt --version'.
2. Update to version 2.03 or later from the GitHub repository.
3. Recompile if using source code.

🔧 Temporary Workarounds

Disable EPUB processing

linux

Temporarily disable epub2txt or block EPUB file processing until patched.

sudo mv /usr/bin/epub2txt /usr/bin/epub2txt.disabled

Use alternative EPUB tools

linux

Replace epub2txt with alternative EPUB processing tools like calibre or pandoc.

sudo apt-get install calibre

🧯 If You Can't Patch

  • Implement strict file upload validation to reject suspicious EPUB files.
  • Run epub2txt in a sandboxed environment with minimal privileges.

🔍 How to Verify

Check if Vulnerable:

Run 'epub2txt --version' and check if version is 2.02 or earlier.

Check Version:

epub2txt --version

Verify Fix Applied:

Confirm version is 2.03 or later with 'epub2txt --version' and test with known safe EPUB files.
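The version checks from the Instructions and the How to Verify steps above, as an added shell example (not part of the epub2txt2 project). It assumes that 'epub2txt --version' prints a dotted version number such as 2.02 somewhere in its output, which this page does not show, and compares that number with 2.03 using GNU sort -V so that releases like 2.10 are ordered correctly.

```shell
#!/bin/sh
# Added example (not part of the epub2txt2 project): classify an installed
# epub2txt against the first fixed release named in this advisory.
# Assumption: `epub2txt --version` prints a dotted version number such as
# 2.02 somewhere in its output; the exact format is not shown on this page.

FIXED_VERSION="2.03"

# version_ge A B: succeed when A is the same as or newer than B in version
# order. Uses GNU `sort -V` so that 2.10 sorts after 2.03, not before it.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_version VERSION: print "fixed" or "vulnerable".
classify_version() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# extract_version TEXT: pull the first dotted version token out of
# --version output (assumed format, see above).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -n 1
}

# check_installed: query the real binary on this host.
# Exit status: 0 = fixed, 1 = vulnerable, 2 = not installed or unparseable.
check_installed() {
    if ! command -v epub2txt >/dev/null 2>&1; then
        echo "epub2txt: not installed"
        return 2
    fi
    out=$(epub2txt --version 2>&1)
    ver=$(extract_version "$out")
    if [ -z "$ver" ]; then
        echo "epub2txt: could not parse a version from: $out"
        return 2
    fi
    echo "epub2txt $ver: $(classify_version "$ver")"
    version_ge "$ver" "$FIXED_VERSION"
}

# Only touch the real binary when invoked as `./check_epub2txt.sh check`,
# so the functions above can also be sourced and reused elsewhere.
if [ "${1:-}" = "check" ]; then
    check_installed
fi
```

Run it as './check_epub2txt.sh check' after patching; a zero exit status confirms the installed version is 2.03 or later, and the script's exit code makes it usable from a fleet-wide inventory job.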

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or abnormal termination of epub2txt process
  • Unusual process spawning from epub2txt

Network Indicators:

  • Outbound connections from epub2txt process to unknown destinations

SIEM Query:

process_name:epub2txt AND (event_type:crash OR parent_process:epub2txt)
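The log indicators and SIEM query above, applied to plain-text logs as an added shell example (not from this page or the epub2txt2 project). It flags kernel segfault records for the epub2txt binary and, by correlating pid= and ppid= fields of auditd SYSCALL records, any process whose parent was an epub2txt process. The embedded sample lines are constructed for this example; the audit lines carry only a subset of the fields a real record has, and the correlation assumes the log is in chronological order.

```shell
#!/bin/sh
# Added example (not from the page or the epub2txt2 project): scan text logs
# for the two indicators the advisory lists:
#   1. kernel segfault records for epub2txt (Linux "segfault at ... in
#      epub2txt[...]" format);
#   2. processes whose parent was an epub2txt process, correlated through the
#      pid=/ppid=/comm= fields of auditd SYSCALL records.

# scan_epub2txt_logs: read log lines on stdin, print CRASH:/SPAWN: findings
# and a summary line. Exit 0 when anything suspicious was found, 1 when clean
# (grep convention). Assumes chronological order: the epub2txt exec record
# precedes the records of its children.
scan_epub2txt_logs() {
    awk '
        /segfault at/ && /in epub2txt\[/ { crash++; print "CRASH: " $0; next }
        {
            pid = ""; ppid = ""; comm = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^pid=/)  pid  = substr($i, 5)
                if ($i ~ /^ppid=/) ppid = substr($i, 6)
                if ($i ~ /^comm=/) comm = substr($i, 6)
            }
            gsub(/"/, "", comm)
            if (comm == "epub2txt" && pid != "") {
                seen[pid] = 1                  # remember every epub2txt pid
            } else if (ppid != "" && (ppid in seen)) {
                spawn++; print "SPAWN: " $0    # child of an epub2txt process
            }
        }
        END {
            printf "crashes=%d spawns=%d\n", crash, spawn
            status = (crash + spawn > 0) ? 0 : 1
            exit status
        }'
}

# Constructed sample: an epub2txt run (pid 4242) that spawns a shell, a
# second run (pid 4251) that crashes, and an unrelated process for contrast.
SAMPLE_LOG='Jan 10 12:00:01 host audit: type=SYSCALL syscall=59 ppid=4000 pid=4242 comm="epub2txt" exe="/usr/bin/epub2txt"
Jan 10 12:00:02 host audit: type=SYSCALL syscall=59 ppid=4242 pid=4243 comm="sh" exe="/usr/bin/dash"
Jan 10 12:00:03 host kernel: epub2txt[4251]: segfault at 0 ip 000055d0c0a1b2c3 sp 00007ffd1234abcd error 4 in epub2txt[55d0c0a00000+1d000]
Jan 10 12:00:04 host audit: type=SYSCALL syscall=59 ppid=4000 pid=4244 comm="less" exe="/usr/bin/less"'

# Constructed clean sample: epub2txt runs, but nothing crashes or is spawned.
CLEAN_LOG='Jan 10 12:00:01 host audit: type=SYSCALL syscall=59 ppid=4000 pid=4242 comm="epub2txt" exe="/usr/bin/epub2txt"
Jan 10 12:00:04 host audit: type=SYSCALL syscall=59 ppid=4000 pid=4244 comm="less" exe="/usr/bin/less"'

# scan_sample NAME: run the scanner over one of the embedded samples
# ("clean" or anything else for the suspicious one).
scan_sample() {
    if [ "$1" = clean ]; then log=$CLEAN_LOG; else log=$SAMPLE_LOG; fi
    printf '%s\n' "$log" | scan_epub2txt_logs
}

# Usage: ./scan_epub2txt.sh /var/log/syslog   (scan a real log file)
#        ./scan_epub2txt.sh demo               (run the embedded sample)
if [ "${1:-}" = "demo" ]; then
    scan_sample suspicious
elif [ -n "${1:-}" ] && [ -f "$1" ]; then
    scan_epub2txt_logs < "$1"
fi
```

On the constructed sample the scanner reports the shell spawned from pid 4242 and the crash of pid 4251 and prints 'crashes=1 spawns=1'; on real hosts, point it at the syslog or audit log that receives kernel and auditd records, and treat any SPAWN: finding as higher priority than a lone CRASH:, since a crash alone is consistent with the failed-exploit case described under If Mitigated.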

🔗 References
