Source: md4c Version: 0.4.7-1 Severity: important Tags: security upstream Forwarded: https://github.com/mity/md4c/issues/155 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for md4c. CVE-2021-30027[0]: | md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger | use of uninitialized memory, and cause a denial of service via a | malformed Markdown document. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-30027 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30027 [1] https://github.com/mity/md4c/issues/155 [2] https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19 Regards, Salvatore