CVE-2021-30027

NameCVE-2021-30027
Descriptionmd_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs987799

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
md4c (PTS)bullseye, sid0.4.7-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
md4csource(unstable)0.4.7-2987799

Notes

https://github.com/mity/md4c/issues/155
https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19

Search for package or bug name: Reporting problems