8 matches found
Astra Linux – Vulnerability in Pandoc
Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...
Fedora 38 : ghc-base64 / ghc-hakyll / gitit / pandoc / patat (2024-6ad6b9f417)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ad6b9f417 advisory. Security fix for CVE-2023-35936 and CVE-2023-38745 - pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 - base64 now packaged in Fedora...
CVE-2023-35936
An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite...
UBUNTU-CVE-2023-38745
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...
CVE-2023-38745
Pandoc-era vulnerability set affects Pandoc up to 3.1.6. CVE-2023-38745: before 3.1.6, an arbitrary file write is possible when processing crafted image elements with --extract-media or PDF output, depending on process privileges. Root cause ties to an incomplete/adjusted handling of paths and do...
Debian dla-3507 : libghc-pandoc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3507 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3507-1 [email protected]...
SUSE CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
UBUNTU-CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...