CVE-2020-26148

NameCVE-2020-26148
Descriptionmd_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs971396

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
md4c (PTS)bullseye0.4.7-2fixed
sid, trixie, bookworm0.4.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
md4csource(unstable)0.4.5-2971396

Notes

https://github.com/mity/md4c/issues/130
https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0

Search for package or bug name: Reporting problems