The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "discount" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "discount-dbgsym" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "libmarkdown2" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "libmarkdown2-dbg" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "libmarkdown2-dbgsym" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "libmarkdown2-dev" }, { "binary_version": "2.1.7-1+deb8u1build0.14.04.1", "binary_name": "libmarkdown2-dev-dbgsym" } ] }