CVSS3: 6.3 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 38.0%)
Package : pandoc
Version : 2.2.1-3+deb10u1
CVE ID : CVE-2023-35936 CVE-2023-38745
Debian Bug : 1041976
Arbitrary file write vulnerabilities were discovered in pandoc, a
Haskell library and CLI tool for converting from one markup format to
another. These vulnerabilities can be triggered by providing a
specially crafted image element in the input when generating files using
the --extract-media option or outputting to PDF format, and allow an
attacker to create or overwrite arbitrary files on the system (depending
on the privileges of the process running pandoc).
CVE-2023-35936
Entroy C discovered that, by appending percent-encoded directory
components to the end of a malicious data: URI, an attacker could
trick pandoc into creating or overwriting arbitrary files on the
system.
CVE-2023-38745
I discovered that the upstream fix for CVE-2023-35936 was
incomplete, namely that the vulnerability remained when encoding '%'
characters as '%25'.
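The two CVEs above share one weakness class: a file name derived from a data: URI is written under the media directory without the percent-encoded (and, for CVE-2023-38745, double-encoded) directory components being decoded and checked first. The following is an added example, not pandoc's code, of the guard a defender would want in front of such a write: decode until the name stops changing, then insist on a single path component and confirm containment. Names, functions and sample inputs are constructed for illustration.

```python
from pathlib import Path
from urllib.parse import unquote


def fully_unquote(s: str, limit: int = 5) -> str:
    """Percent-decode until the string stops changing, so the '%25' double
    encoding from CVE-2023-38745 ('%252e' -> '%2e' -> '.') is undone too.
    'limit' bounds the loop; hitting it is treated as hostile input."""
    for _ in range(limit):
        decoded = unquote(s)
        if decoded == s:
            return s
        s = decoded
    raise ValueError("excessive percent-encoding nesting")


def safe_media_path(media_dir: str, derived_name: str) -> Path:
    """Return the path under media_dir where derived_name may be written,
    or raise ValueError if the fully decoded name would leave media_dir."""
    base = Path(media_dir).resolve()  # resolve symlinks in the base once
    name = fully_unquote(derived_name)
    # An extracted media file name must be a single path component: no
    # separators (backslash included for Windows hosts) and not '.'/'..'.
    if any(sep in name for sep in ("/", "\\")) or name in ("", ".", ".."):
        raise ValueError(f"rejected media file name: {derived_name!r}")
    target = (base / name).resolve()
    # Belt and braces: confirm the final path still sits directly under base.
    if target.parent != base:
        raise ValueError(f"path escapes media directory: {derived_name!r}")
    return target


def is_safe_media_name(media_dir: str, derived_name: str) -> bool:
    """Boolean wrapper around safe_media_path for batch checks."""
    try:
        safe_media_path(media_dir, derived_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names (not from any real document): a normal name,
    # then the singly and doubly percent-encoded traversal shapes the
    # advisory describes. Only the first should be accepted.
    for candidate in ("diagram.png", "..%2f..%2fout.png", "..%252f..%252fout.png"):
        verdict = "accepted" if is_safe_media_name("media", candidate) else "rejected"
        print(f"{candidate!r}: {verdict}")
```

A check that decodes only once would accept the third sample, which is exactly the gap the incomplete upstream fix left.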
For Debian 10 buster, these problems have been fixed in version
2.2.1-3+deb10u1.
We recommend that you upgrade your pandoc packages.
For the detailed security status of pandoc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pandoc
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
| OS | Release | Architecture | Package | Affected version | Fixed package filename |
|---|---|---|---|---|---|
| Debian | 10 | all | pandoc | < 2.2.1-3+deb10u1 | pandoc_2.2.1-3+deb10u1_all.deb |
| Debian | 10 | armhf | libghc-pandoc-dev | < 2.2.1-3+deb10u1 | libghc-pandoc-dev_2.2.1-3+deb10u1_armhf.deb |
| Debian | 10 | arm64 | pandoc | < 2.2.1-3+deb10u1 | pandoc_2.2.1-3+deb10u1_arm64.deb |
| Debian | 10 | armhf | pandoc | < 2.2.1-3+deb10u1 | pandoc_2.2.1-3+deb10u1_armhf.deb |
| Debian | 10 | i386 | libghc-pandoc-prof | < 2.2.1-3+deb10u1 | libghc-pandoc-prof_2.2.1-3+deb10u1_i386.deb |
| Debian | 10 | all | libghc-pandoc-doc | < 2.2.1-3+deb10u1 | libghc-pandoc-doc_2.2.1-3+deb10u1_all.deb |
| Debian | 10 | amd64 | libghc-pandoc-dev | < 2.2.1-3+deb10u1 | libghc-pandoc-dev_2.2.1-3+deb10u1_amd64.deb |
| Debian | 10 | i386 | libghc-pandoc-dev | < 2.2.1-3+deb10u1 | libghc-pandoc-dev_2.2.1-3+deb10u1_i386.deb |
| Debian | 10 | armhf | libghc-pandoc-prof | < 2.2.1-3+deb10u1 | libghc-pandoc-prof_2.2.1-3+deb10u1_armhf.deb |
| Debian | 10 | all | pandoc-data | < 2.2.1-3+deb10u1 | pandoc-data_2.2.1-3+deb10u1_all.deb |