Search for packages
| purl | pkg:deb/debian/python-cmarkgfm@0.8.0-3 |
| Next non-vulnerable version | 2024.11.20-1 |
| Latest non-vulnerable version | 2024.11.20-1 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2an8-zxae-hffk
Aliases: CVE-2023-24824 |
cmark-gfm: Quadratic complexity bugs may lead to a denial of service |
Affected by 0 other vulnerabilities. |
|
VCID-3hpr-vga4-kucr
Aliases: CVE-2023-22486 |
Affected by 0 other vulnerabilities. |
|
|
VCID-cr2f-h3ds-m7bp
Aliases: CVE-2023-22484 |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. |
Affected by 0 other vulnerabilities. |
|
VCID-fjt6-mbum-gkdh
Aliases: CVE-2022-39209 |
cmark-gfm: Unbounded resource exhaustion may lead to denial of service |
Affected by 0 other vulnerabilities. |
|
VCID-g272-pad7-t7bp
Aliases: CVE-2023-26485 |
commonmarker: Quadratic complexity bug may lead to a denial of service |
Affected by 0 other vulnerabilities. |
|
VCID-rfcv-sua7-uke4
Aliases: CVE-2023-22483 |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7. |
Affected by 0 other vulnerabilities. |
|
VCID-u5p8-6fkp-byap
Aliases: CVE-2023-37463 |
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12. |
Affected by 0 other vulnerabilities. |
|
VCID-vapm-4zu8-d7ba
Aliases: CVE-2023-22485 |
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3ngu-1qyq-5ub2 | cmark-gfm: possible RCE due to integer overflow |
CVE-2022-24724
|
| VCID-t4pg-p9b1-xycx | cmark-gfm: Exponential time to parse certain inputs could lead to DoS |
CVE-2020-5238
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T01:15:39.475677+00:00 | Debian Importer | Affected by | VCID-3hpr-vga4-kucr | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T01:07:26.467720+00:00 | Debian Importer | Affected by | VCID-g272-pad7-t7bp | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T01:04:56.540154+00:00 | Debian Importer | Affected by | VCID-vapm-4zu8-d7ba | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:43:57.912791+00:00 | Debian Importer | Affected by | VCID-fjt6-mbum-gkdh | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:36:47.683832+00:00 | Debian Importer | Affected by | VCID-cr2f-h3ds-m7bp | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-30T00:28:59.229831+00:00 | Debian Importer | Affected by | VCID-2an8-zxae-hffk | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:39:05.834376+00:00 | Debian Importer | Fixing | VCID-3ngu-1qyq-5ub2 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:31:44.737032+00:00 | Debian Importer | Affected by | VCID-u5p8-6fkp-byap | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T23:21:30.423521+00:00 | Debian Importer | Affected by | VCID-rfcv-sua7-uke4 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-05-29T22:58:27.437334+00:00 | Debian Importer | Fixing | VCID-t4pg-p9b1-xycx | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |