CVE-2024-45508: 
NixOS vulnerability analysis and mitigation

HTMLDOC before version 1.9.19 contains a critical security vulnerability identified as CVE-2024-45508. The vulnerability is characterized by an out-of-bounds write in the parse_paragraph function within ps-pdf.cxx, which occurs when attempting to strip leading whitespace from a whitespace-only node. This vulnerability affects all versions of HTMLDOC prior to 1.9.19 (NVD, Ubuntu Security).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs in the parse_paragraph function within ps-pdf.cxx when processing whitespace-only nodes. The vulnerability is classified as CWE-787 (Out-of-bounds Write) and can be triggered when the application attempts to strip leading whitespace from nodes that contain only whitespace characters (NVD).

The vulnerability can lead to out-of-bounds memory write operations, which could potentially result in arbitrary code execution or denial of service conditions. The high CVSS score indicates that successful exploitation could lead to complete system compromise with high impacts on confidentiality, integrity, and availability (Ubuntu Security).

The vulnerability has been fixed in HTMLDOC version 1.9.19. Users are advised to upgrade to this version or later. For Ubuntu users, fixed packages are available for various Ubuntu versions including 24.10 (1.9.18-1ubuntu0.1), 24.04 LTS (1.9.17-1ubuntu0.1~esm1), and other supported releases through Ubuntu Pro (Ubuntu Security).