CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в pandoc

Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file writing vulnerability. This vulnerability could be exploited by including a...

6.1CVSS6.2AI score0.00039EPSS

Exploits1References1

OSV•added 2026/05/18 1:20 p.m.•7 views

JLSEC-2026-500

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

6.3CVSS6.3AI score0.00049EPSS

Exploits0References14

OSV•added 2026/05/18 1:20 p.m.•6 views

JLSEC-2026-499

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

6.1CVSS6AI score0.00039EPSS

Exploits1References10

OSV•added 2025/11/14 2:45 p.m.•27 views

HSEC-2023-0014 Arbitrary file write is possible when using PDF output or --extract-media with untrusted input

Arbitrary file write is possible when using PDF output or --extract-media with untrusted input Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option ...

6.1CVSS5.7AI score0.00039EPSS

Exploits1References1

Redos•added 2024/10/15 12:0 a.m.•11 views

ROS-20241015-01

Vulnerability in the Image Element Handler component of the Haskell library for conversion from markup formats Pandoc is related to the provision of a specially crafted image element as input when creating files using the --extract-media parameter or outputting to PDF. file creation using the...

6.3CVSS7.2AI score0.00049EPSS

Exploits1

Tenable Nessus•added 2024/03/30 12:0 a.m.•20 views

Fedora 38 : ghc-base64 / ghc-hakyll / gitit / pandoc / patat (2024-6ad6b9f417)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ad6b9f417 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 - pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 - base64 now packaged in Fedora...

6.3CVSS6AI score0.00049EPSS

Exploits1References3

RedhatCVE•added 2023/07/27 2:54 p.m.•22 views

CVE-2023-38745

An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...

5CVSS7AI score0.00049EPSS

Exploits1References3

RedhatCVE•added 2023/07/27 2:54 p.m.•25 views

CVE-2023-35936

5CVSS5.5AI score0.00039EPSS

Exploits1References4

Veracode•added 2023/07/27 1:20 a.m.•28 views

Arbitrary File Write

pandoc is vulnerable to Arbitrary File Write. By providing a constructed picture element as input while creating files with the --extract-media option or outputting to PDF format, an arbitrary file write vulnerability may be exploited. This vulnerability affects systems that enable pandoc to outp...

6.1CVSS6.9AI score0.00039EPSS

Exploits1References6Affected Software1

SUSE CVE•added 2023/07/26 1:34 a.m.•2 views

SUSE CVE-2023-38745

6.1CVSS7AI score0.00049EPSS

Exploits0References3

OSV•added 2023/07/25 4:15 a.m.•1 views

UBUNTU-CVE-2023-38745

6.3CVSS6.4AI score0.00049EPSS

Exploits0References6

CNNVD•added 2023/07/25 12:0 a.m.•1 views

Pandoc 安全漏洞

Pandoc is a Haskell library for converting from one markup format to another, as well as command line tools that use the library. A security vulnerability exists in Pandoc versions prior to 3.1.6, which stems from an arbitrary file write vulnerability in the extract-media function...

6.3CVSS6AI score0.00049EPSS

Exploits0References5

Positive Technologies•added 2023/07/25 12:0 a.m.•3 views

PT-2023-9543 · Pandoc +1 · Pandoc +1

Name of the Vulnerable Software and Affected Versions: Pandoc versions prior to 3.1.6 Description: The issue is related to insufficient input validation in the Pandoc library, which can be exploited to create or overwrite arbitrary files in the system. This can be achieved by using the...

6.3CVSS6.8AI score0.00049EPSS

Exploits1References32

CVE•added 2023/07/25 12:0 a.m.•99 views

CVE-2023-38745

Pandoc-era vulnerability set affects Pandoc up to 3.1.6. CVE-2023-38745: before 3.1.6, an arbitrary file write is possible when processing crafted image elements with --extract-media or PDF output, depending on process privileges. Root cause ties to an incomplete/adjusted handling of paths and do...

6.3CVSS5.7AI score0.00049EPSS

Exploits0References8Affected Software1

Tenable Nessus•added 2023/07/25 12:0 a.m.•17 views

Debian dla-3507 : libghc-pandoc-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3507 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3507-1 [email protected]...

6.3CVSS6.3AI score0.00049EPSS

Exploits1References6

SUSE CVE•added 2023/07/07 2:18 a.m.•2 views

SUSE CVE-2023-35936

5.3CVSS7.4AI score0.00039EPSS

Exploits1References4

OSV•added 2023/07/05 9:15 p.m.•1 views

DEBIAN-CVE-2023-35936

5CVSS6AI score0.00039EPSS

Exploits1References1

OSV•added 2023/07/05 9:15 p.m.•0 views

UBUNTU-CVE-2023-35936