Debian Pygments vulnerabilities

5 known vulnerabilities affecting debian/pygments.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2026-4539 | MEDIUM | CVSS 4.8 | 2026
pygments: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed o
CVE-2022-40896 | MEDIUM | CVSS 5.5 | fixed in pygments 2.15.1+dfsg-1 (forky) | 2022
pygments: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.15.1+dfsg-1)
sid: resolved (fixed in 2.15.1+dfsg-1)
trixie: resolved (fixed in 2.15.1+dfsg-1)
CVE-2021-27291 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.35.2-1 (bookworm) | 2021
mediawiki: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Scope: local
bookworm: resolved (fixed in 1:1.35.2-1)
bullseye: res
CVE-2021-20270 | HIGH | CVSS 7.5 | fixed in mediawiki 1:1.35.2-1 (bookworm) | 2021
mediawiki: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Scope: local
bookworm: resolved (fixed in 1:1.35.2-1)
bullseye: resolved (fixed in 1:1.35.2-1)
forky: resolved (fixed in 1:1.35.2-1)
CVE-2015-8557 | CRITICAL | CVSS 9.0 | fixed in pygments 2.0.1+dfsg-2 (bookworm) | 2015
pygments: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Scope: local
bookworm: resolved (fixed in 2.0.1+dfsg-2)
bullseye: resolved (fixed in 2.0.1+dfsg-2)
forky: resolved (fixed in 2.0.1+dfsg-2)
sid: resolved (fixed in 2.0.1+dfsg