8 matches found
CVE-2021-30027
The CVE-2021-30027 vulnerability affects md4c 0.4.7, specifically the md_analyze_line function in md4c.c. The issue allows an attacker to trigger use of uninitialized memory, enabling denial of service through a malformed Markdown document. Available sources concur on the affected component and t...
CVE-2018-11545
The CVE-2018-11545 vulnerability affects md4c 0.2.5, a C-based Markdown parser. A heap-based buffer overflow occurs in md_merge_lines when md_is_link_label mishandles link labels composed solely of backslash escapes. This is the concrete flaw described across multiple sources (CNVD, NVD, Red Hat,...
CVE-2018-11546
CVE-2018-11546 affects md4c 0.2.5 and is due to a heap-based buffer over-read caused by an off-by-one in md_is_named_entity_contents. The issue is documented across multiple sources (e.g., NVD/N-Red Hat/CNVD) as a vulnerability in md4c 0.2.5, with high to critical impact (network-exposed, partial...
CVE-2018-11547
The CVE refers to md4c 0.2.5, where the function md_is_link_reference_definition_helper suffers a heap-based buffer over-read due to improper termination of the md_is_link_label loop. This vulnerability is documented across multiple feeds (NVD, Red Hat, CNVD, OSV, etc.). Impact and remediation de...
CVE-2020-26148
md4c 0.4.5 contains a vulnerability in md_push_block_bytes (md4c.c) that can trigger use of uninitialized memory and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Connected sources confirm the defect but do not provide exploit specifics, affected platforms...
CVE-2018-11536
CVE-2018-11536 affects the md4c Markdown parser in versions before 0.2.5. The issue is a heap-based buffer overflow caused by improper handling of splits in the md_split_simple_pairing_mark function. Documented impacts include denial of service or potential arbitrary code execution, but exploitat...
CVE-2018-12102
CVE-2018-12102 affects md4c 0.2.6 with a NULL pointer dereference in md_process_line (md4c.c), related to ctx->current_block. Multiple sources corroborate this vulnerability across CVE records and CNVD/OSV-type entries. The CNVD-2018-21058 description explicitly notes that an attacker can caus...
CVE-2018-12112
The vulnerability CVE-2018-12112 affects md4c 0.2.6. Root cause: the function md_build_attribute in md4c.c allows a crafted file to trigger a denial of service (segmentation fault and application crash) and possibly other impact. Impact is a crash/DoS; exploitation is remote via crafted input. No...