MidnightBSD

Advisories for discount_project

CVE-2018-11468 MEDIUM

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
discount_project discount 2.2.3
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2018-11503 MEDIUM

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
discount_project discount 2.2.3
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2018-11504 MEDIUM

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
discount_project discount 2.2.3
debian debian_linux 9.0
debian debian_linux 8.0
CVE-2018-12495 MEDIUM

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
discount_project discount 2.2.3
debian debian_linux 9.0
debian debian_linux 8.0