CVE-2018-11468

Priority
Description
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a
allows remote attackers to cause a denial of service (heap-based buffer
over-read) via a crafted file, as demonstrated by mkd2html.
Notes
Package
Upstream:released (2.1.7-1+deb8u1, 2.2.2-1+deb9u1, 2.2.4-1)
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:not-affected (2.2.4-1)
Ubuntu 21.10:not-affected (2.2.4-1)
Ubuntu 22.04 LTS:not-affected (2.2.4-1)
Ubuntu 14.04 ESM:DNE (trusty was released [2.1.7-1+deb8u1build0.14.04.1])
Patches:
Upstream:https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
More Information

Updated: 2022-04-25 00:23:53 UTC (commit ecc1009cb19540b950de59270950018900f37f15)