CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
EPSS
Percentile
47.8%
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by
providing a crafted image element in the input when generating files via
the --extract-media option or outputting to PDF format. This allows an
attacker to create or overwrite arbitrary files, depending on the
privileges of the process running Pandoc. It only affects systems that pass
untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF
or with the --extract-media option. NOTE: this issue exists because of an
incomplete fix for CVE-2023-35936 (failure to properly account for double
encoded path names).
github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625
github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
github.com/jgm/pandoc/compare/3.1.5...3.1.6
launchpad.net/bugs/cve/CVE-2023-38745
lists.debian.org/debian-lts-announce/2023/07/msg00029.html
nvd.nist.gov/vuln/detail/CVE-2023-38745
security-tracker.debian.org/tracker/CVE-2023-38745
www.cve.org/CVERecord?id=CVE-2023-38745