JLSEC-2026-500
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...
Linux Distros Unpatched Vulnerability : CVE-2023-35936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior...
Fedora 41 : ghc-base64 / ghc-hakyll / ghc-isocline / gitit / pandoc / etc (2024-d62088b505)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-d62088b505 advisory. pandoc-cli replaces pandoc binary package Security fix for CVE-2023-35936 and CVE-2023-35936 newly packaged ghc-base64 and ghc-isocline Tenable has...
Fedora 40 : ghc-base64 / ghc-hakyll / ghc-isocline / ghc-toml-parser / gitit / etc (2024-7d83cbccb6)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-7d83cbccb6 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: - backport fixes for CVE-2023-35936 and CVE-2023-38745 pandoc-cli: - new package for pand...
Fedora: Security Advisory for ghc-base64 (FEDORA-2024-b458482d48)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for patat (FEDORA-2024-6ad6b9f417)
The remote host is missing an update for the...
Fedora: Security Advisory for ghc-hakyll (FEDORA-2024-6ad6b9f417)
The remote host is missing an update for the...
Fedora: Security Advisory for ghc-base64 (FEDORA-2024-7d83cbccb6)
The remote host is missing an update for the...
Fedora: Security Advisory for pandoc-cli (FEDORA-2024-7d83cbccb6)
The remote host is missing an update for the...
CVE-2023-35936
An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...
[SECURITY] [DLA 3507-1] pandoc security update
Debian LTS Advisory DLA-3507-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 25, 2023 https://wiki.debian.org/LTS Package : pandoc Version : 2.2.1-3+deb10u1 CVE ID : CVE-2023-35936 CVE-2023-38745 Debian Bug : 1041976 Arbitrary file write vulnerabilities were...
CVE-2023-35936
creationtimestamp | type | source
---|---|---
2023-07-06 00:27:08+00:00 | seen | https://t.me/cibsecurity/66012
2023-07-25 07:26:33+00:00 | seen | https://t.me/cibsecurity/67195
2024-02-01 17:16:32+00:00 | seen | https://t.me/ctinow/177686
...
CVE-2023-35936
Pandoc (the Haskell library/CLI) is affected from 1.13 up to but not including 3.1.4. An arbitrary file write could be triggered by a crafted image element when using --extract-media or when generating PDF, enabling creation/overwrite of files based on process privileges. Root cause involves flaw...
CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...