296,224
Total vulnerabilities in the database
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:row_from_string may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where cmark-gfm is used. If cmark-gfm is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the cmark-gfm library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
| Software | From | Fixed in |
|---|---|---|
| github / cmark-gfm | - | 0.28.3.gfm.21 |
| github / cmark-gfm | 0.28.3.gfm.21.x | 0.29.0.gfm.3 |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| fedoraproject / fedora | 36 | 36.x |