UBUNTU-CVE-2026-35201

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-35201

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-35201

Upstream

CVE-2026-35201

Published

2026-04-06T20:16:00Z

Modified

2026-05-20T16:25:35.526321682Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - low

Summary

[none]

Details

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.

References

Affected packages

Ubuntu:16.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.1.8-2"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.1.8-2"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:18.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.8-2

2.2.3b8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.3b8-2"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.3b8-2"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:20.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.6-1"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.6-1"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:22.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.6-1ubuntu2

2.2.7-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.7-2"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.7-2"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:24.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.7-2

2.2.7-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.7-2build1"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.7-2build1"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:25.10

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.7-2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.7-2.1"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.7-2.1"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"

Ubuntu:26.04:LTS

discount

Package

Name: discount
Purl: pkg:deb/ubuntu/discount?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.7-2.1

2.2.7-2.1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "discount",
            "binary_version": "2.2.7-2.1build1"
        },
        {
            "binary_name": "libmarkdown2",
            "binary_version": "2.2.7-2.1build1"
        }
    ],
    "priority_reason": "Only a denial of service issue with an extremely large markdown file"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-35201.json"