Lucene search
+L
Md4c ProjectMd4c

8 matches found

cve
cve
added 2021/04/29 2:29 p.m.55 views

CVE-2021-30027

The CVE-2021-30027 vulnerability affects md4c 0.4.7, specifically the md_analyze_line function in md4c.c. The issue allows an attacker to trigger use of uninitialized memory, enabling denial of service through a malformed Markdown document. Available sources concur on the affected component and t...

5.5CVSS5.3AI score0.00697EPSS
cve
cve
added 2018/05/29 9:0 p.m.52 views

CVE-2018-11545

The CVE-2018-11545 vulnerability affects md4c 0.2.5, a C-based Markdown parser. A heap-based buffer overflow occurs in md_merge_lines when md_is_link_label mishandles link labels composed solely of backslash escapes. This is the concrete flaw described across multiple sources (CNVD, NVD, Red Hat,...

9.8CVSS9.7AI score0.01589EPSS
cve
cve
added 2018/05/29 9:0 p.m.43 views

CVE-2018-11546

CVE-2018-11546 affects md4c 0.2.5 and is due to a heap-based buffer over-read caused by an off-by-one in md_is_named_entity_contents. The issue is documented across multiple sources (e.g., NVD/N-Red Hat/CNVD) as a vulnerability in md4c 0.2.5, with high to critical impact (network-exposed, partial...

9.8CVSS9.5AI score0.0163EPSS
cve
cve
added 2018/05/29 9:0 p.m.43 views

CVE-2018-11547

The CVE refers to md4c 0.2.5, where the function md_is_link_reference_definition_helper suffers a heap-based buffer over-read due to improper termination of the md_is_link_label loop. This vulnerability is documented across multiple feeds (NVD, Red Hat, CNVD, OSV, etc.). Impact and remediation de...

9.8CVSS9.5AI score0.0163EPSS
cve
cve
added 2020/09/29 6:48 p.m.43 views

CVE-2020-26148

md4c 0.4.5 contains a vulnerability in md_push_block_bytes (md4c.c) that can trigger use of uninitialized memory and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Connected sources confirm the defect but do not provide exploit specifics, affected platforms...

7.5CVSS7.3AI score0.01423EPSS
cve
cve
added 2018/05/29 7:0 a.m.40 views

CVE-2018-11536

CVE-2018-11536 affects the md4c Markdown parser in versions before 0.2.5. The issue is a heap-based buffer overflow caused by improper handling of splits in the md_split_simple_pairing_mark function. Documented impacts include denial of service or potential arbitrary code execution, but exploitat...

9.8CVSS9.7AI score0.01711EPSS
cve
cve
added 2018/06/11 1:0 p.m.39 views

CVE-2018-12102

CVE-2018-12102 affects md4c 0.2.6 with a NULL pointer dereference in md_process_line (md4c.c), related to ctx->current_block. Multiple sources corroborate this vulnerability across CVE records and CNVD/OSV-type entries. The CNVD-2018-21058 description explicitly notes that an attacker can caus...

5.5CVSS5.4AI score0.00847EPSS
cve
cve
added 2018/06/11 2:0 p.m.38 views

CVE-2018-12112

The vulnerability CVE-2018-12112 affects md4c 0.2.6. Root cause: the function md_build_attribute in md4c.c allows a crafted file to trigger a denial of service (segmentation fault and application crash) and possibly other impact. Impact is a crash/DoS; exploitation is remote via crafted input. No...

7.8CVSS8AI score0.01273EPSS