Security update for htmldoc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20219-1 Final 1 1 2026-02-13T16:07:48Z current 2026-02-13T16:07:48Z 2026-02-13T16:07:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for htmldoc This update for htmldoc fixes the following issues: Changes in htmldoc: - CVE-2024-46478: Fixed buffer overflow when handling tabs through the parse_pre function (bsc#1232380). - version update to 1.9.23: * Fixed a regression in list handling that caused a crash for empty list items (Issue #553) * Fixed a regression in the number of rendered table of contents levels in PDF and PostScript output (Issue #554) - version update to 1.9.22: * Added a "--without-http" configure option to build without CUPS HTTP/HTTPS support (Issue #547) * Updated HTTP/HTTPS support to work with both CUPS 2.x and 3.x. * Updated the maximum image dimension to prevent integer overflow on 32-bit platforms (Issue #550) * Updated the HTML parser to correctly report the line number of errors in files with more than 2^32-1 lines (Issue #551) * Fixed a crash bug with certain markdown files (Issue #548) * Fixed an unrestricted recursion bug when reading and formatting HTML (Issue #552) - version update to 1.9.21 * Updated HTTP/HTTPS connection error reporting to include the reason. * Updated markdown parser. * Updated the HTTP/HTTPS connection timeout to 5 minutes (Issue #541) * Fixed a bug in the new PDF link code (Issue #536) * Fixed a bug in the number-up code (Issue #539) * Fixed a regression in leading whitespace handling (Issue #540) * Fixed a bug in numbered heading support (Issue #543) * Fixed a bug with setting the header on the first page (Issue #544) * Fixed paths in the HTMLDOC snap (Issue #545) - update to 1.9.20: * Fix a regression that caused spaces to disappear between some words * Fix resolution of relative links within a document - includes changes from 1.9.19: * Add support for ‘file’ method in links * Update markdown support code to mmd * Fix hyperlinks to subfolders * Fix export of UTF-8 HTML * Fix handling of whitespace-only nodes * Fix case sensitivity of link targets The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-128 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1232380 SUSE Bug 1232380 https://www.suse.com/security/cve/CVE-2024-45508/ SUSE CVE CVE-2024-45508 page https://www.suse.com/security/cve/CVE-2024-46478/ SUSE CVE CVE-2024-46478 page openSUSE Leap 16.0 htmldoc-1.9.23-bp160.1.1 htmldoc-1.9.23-bp160.1.1 as a component of openSUSE Leap 16.0 HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. CVE-2024-45508 openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-45508.html CVE-2024-45508 https://bugzilla.suse.com/1230022 SUSE Bug 1230022 HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. CVE-2024-46478 openSUSE Leap 16.0:htmldoc-1.9.23-bp160.1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46478.html CVE-2024-46478 https://bugzilla.suse.com/1232380 SUSE Bug 1232380