CVE-2018-11503

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

References

Affected packages

Git / github.com/orc/discount

Affected ranges

Type

GIT

Repo

https://github.com/orc/discount

Events

Introduced

Last affected

9e9d5158735d7401296ecd28515e9dbef831e4e1

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.3-a"
        }
    ]
}

Affected versions

2.*

2.2.1

Other

v0.*

v0.1

v0.2

v0.3

v0.4

v0.6

v0.7.5

v0.8

v0.8.1

v0.8.2

v0.9

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.2a

v1.1.3

v1.1.4

v1.1.5

v1.2.0

v1.2.1

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.0pre1

v1.3.0pre2

v1.3.0pre3

v1.3.0pre4

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.4.0

v1.4.1

v1.4.1pre0

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.5

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v2.*

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.1.1

v2.1.1.2

v2.1.1.3

v2.1.2

v2.1.3

v2.1.5

v2.1.5a

v2.1.6

v2.1.7

v2.1.8

v2.1.8a

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.3a

v2.2.3b6

v2.2.3b7

v2.2.3b8

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11503.json"