CVE-2023-38745

2023-07-2504:15:10

Debian Security Bug Tracker

security-tracker.debian.org

pandoc security vulnerability

arbitrary file write

pdf format

incomplete fix

double encoded path names

unix

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

0.001 Low

EPSS

Percentile

38.0%

JSON

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).

OSVersionArchitecturePackageVersionFilename
Debian12allpandoc< 2.17.1.1-2~deb12u1pandoc_2.17.1.1-2~deb12u1_all.deb
Debian11allpandoc< 2.9.2.1-1+deb11u1pandoc_2.9.2.1-1+deb11u1_all.deb
Debian10allpandoc< 2.2.1-3pandoc_2.2.1-3_all.deb
Debian999allpandoc< 3.1.3+ds-3pandoc_3.1.3+ds-3_all.deb
Debian13allpandoc< 3.1.3+ds-3pandoc_3.1.3+ds-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pandoc	< 2.17.1.1-2~deb12u1	pandoc_2.17.1.1-2~deb12u1_all.deb
Debian	11	all	pandoc	< 2.9.2.1-1+deb11u1	pandoc_2.9.2.1-1+deb11u1_all.deb
Debian	10	all	pandoc	< 2.2.1-3	pandoc_2.2.1-3_all.deb
Debian	999	all	pandoc	< 3.1.3+ds-3	pandoc_3.1.3+ds-3_all.deb
Debian	13	all	pandoc	< 3.1.3+ds-3	pandoc_3.1.3+ds-3_all.deb