Debian Python-Cmarkgfm vulnerabilities
10 known vulnerabilities affecting debian/python-cmarkgfm.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5, LOW 3
Vulnerabilities
CVE-2023-26485 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with large numbers of `_` characters. This issue has been add
debian
CVE-2023-37463 | MEDIUM | CVSS 6.4 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.
Scope: local
bookworm: open
bullseye: op
debian
CVE-2023-24824 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has b
debian
CVE-2023-22485 | MEDIUM | CVSS 5.3 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible dama
debian
CVE-2023-22483 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to
debian
CVE-2023-22486 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
Scope: local
bookworm: open
bullseye:
debian
CVE-2023-22484 | LOW | CVSS 3.5 | fixed in cmark-gfm 0.29.0.gfm.13-1 (forky) | 2023
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.
Scope: local
bookworm: open
bullseye: ope
debian
CVE-2022-24724 | HIGH | CVSS 8.8 | fixed in cmark-gfm 0.29.0.gfm.3-3 (bookworm) | 2022
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ran
debian
CVE-2022-39209 | HIGH | CVSS 7.5 | fixed in cmark-gfm 0.29.0.gfm.6-2 (bookworm) | 2022
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark
debian
CVE-2020-5238 | MEDIUM | CVSS 6.5 | fixed in cmark-gfm 0.29.0.gfm.2-1 (bookworm) | 2020
The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
Scope: local
bo
debian