Search for packages
| purl | pkg:deb/debian/cmark-gfm@0.29.0.gfm.13-4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2an8-zxae-hffk | cmark-gfm: Quadratic complexity bugs may lead to a denial of service |
CVE-2023-24824
|
| VCID-3hpr-vga4-kucr |
CVE-2023-22486
|
|
| VCID-cr2f-h3ds-m7bp | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. |
CVE-2023-22484
|
| VCID-g272-pad7-t7bp | commonmarker: Quadratic complexity bug may lead to a denial of service |
CVE-2023-26485
|
| VCID-rfcv-sua7-uke4 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. |
CVE-2023-22483
|
| VCID-u5p8-6fkp-byap | cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. |
CVE-2023-37463
|
| VCID-vapm-4zu8-d7ba | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7. |
CVE-2023-22485
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T01:00:56.615156+00:00 | Debian Importer | Fixing | VCID-rfcv-sua7-uke4 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:42:33.655805+00:00 | Debian Importer | Fixing | VCID-2an8-zxae-hffk | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:32:15.096403+00:00 | Debian Importer | Fixing | VCID-3hpr-vga4-kucr | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:30:01.630913+00:00 | Debian Importer | Fixing | VCID-vapm-4zu8-d7ba | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:50:09.590735+00:00 | Debian Importer | Fixing | VCID-g272-pad7-t7bp | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:38:18.694591+00:00 | Debian Importer | Fixing | VCID-cr2f-h3ds-m7bp | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:10:54.714657+00:00 | Debian Importer | Fixing | VCID-u5p8-6fkp-byap | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |