Source: discount
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for discount.

CVE-2026-35201[0]:
| Discount is an implementation of John Gruber's Markdown markup
| language in C. From 1.3.1.1 to before 2.2.7.4, a signed length
| truncation bug causes an out-of-bounds read in the default Markdown
| parse path. Inputs larger than INT_MAX are truncated to a signed int
| before entering the native parser, allowing the parser to read past
| the end of the supplied buffer and crash the process. This
| vulnerability is fixed in 2.2.7.4.

https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc
https://github.com/davidfstr/rdiscount/commit/b1a16445e92e0d12c07594dedcdc56f80b317761 (2.2.7.4)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-35201
    https://www.cve.org/CVERecord?id=CVE-2026-35201

Please adjust the affected versions in the BTS as needed.
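
The signed length truncation described in the advisory text above, as an added C example that is not code from Discount or rdiscount. The names `native_parse`, `narrowed_length` and `parse_checked` are hypothetical, and the model assumes a 32-bit two's-complement `int`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a parser entry point that takes an int length. */
static int native_parse(const char *buf, int len) {
    (void)buf;
    return len;            /* the length the parser believes it was given */
}

/* Well-defined model of the value a 32-bit signed int holds after a
 * 64-bit length is narrowed to it (assumption: two's complement). */
long long narrowed_length(uint64_t n) {
    uint64_t low = n & 0xFFFFFFFFu;
    return low > (uint64_t)INT32_MAX ? (long long)low - 4294967296LL
                                     : (long long)low;
}

/* Hardened wrapper: reject any length the int parameter cannot represent
 * instead of narrowing it. Returns 0 and stores the parser's view of the
 * length on success, -1 if the input is rejected. */
int parse_checked(const char *buf, size_t len, int *seen) {
    if (buf == NULL || seen == NULL || len > (size_t)INT_MAX)
        return -1;
    *seen = native_parse(buf, (int)len);   /* narrowing is now lossless */
    return 0;
}

int main(void) {
    /* Constructed sample lengths around the INT_MAX boundary. */
    uint64_t sizes[] = { 1024u, (uint64_t)INT32_MAX,
                         (uint64_t)INT32_MAX + 1u, 4294967296ULL + 16u };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("caller length %llu -> int length %lld\n",
               (unsigned long long)sizes[i], narrowed_length(sizes[i]));
    int seen = 0;
    printf("checked small input: %d\n", parse_checked("# hi", 4, &seen));
    return 0;
}
```

Once the length is narrowed, the parser's idea of the buffer size no longer matches the buffer the caller supplied, so the only safe place for the range check is before the conversion.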

