CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:L
EPSS
Percentile: 47.5%
pandoc is vulnerable to arbitrary file write. An attacker who supplies input containing a specially crafted image element can cause pandoc to write a file to an arbitrary location when it generates files with the --extract-media option or outputs to PDF format. The vulnerability affects systems that let pandoc produce PDF output, or that use the --extract-media option, on untrusted user input.
github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
lists.debian.org/debian-lts-announce/2023/07/msg00029.html
lists.fedoraproject.org/archives/list/[email protected]/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN/
lists.fedoraproject.org/archives/list/[email protected]/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP/
lists.fedoraproject.org/archives/list/[email protected]/message/QI6RBP6ZKVC2OOCV6SU2FUHPMAXDDJFU/
security-tracker.debian.org/tracker/CVE-2023-35936