VulnerableCode Package Details - pkg:deb/debian/pygments@2.2.0%2Bdfsg-1~bpo8%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-gkzq-thjf-z7fa Aliases: CVE-2021-20270 GHSA-9w8r-397f-prfh PYSEC-2021-140	An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-p93c-damj-kbec Aliases: CVE-2021-27291 GHSA-pq64-v7f5-gqh8 PYSEC-2021-141	In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.	2.3.1+dfsg-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.1+dfsg-2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gkzq-thjf-z7fa
Aliases:
CVE-2021-20270
GHSA-9w8r-397f-prfh
PYSEC-2021-140

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

VCID-p93c-damj-kbec
Aliases:
CVE-2021-27291
GHSA-pq64-v7f5-gqh8
PYSEC-2021-141

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

2.3.1+dfsg-1+deb10u2
Affected by 2 other vulnerabilities.

2.7.1+dfsg-2.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-mf65-5asp-vkfs	The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.	CVE-2015-8557 GHSA-fff8-4w9p-7v76 PYSEC-2016-32

Vulnerability

Summary

Aliases

VCID-mf65-5asp-vkfs

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

CVE-2015-8557
GHSA-fff8-4w9p-7v76
PYSEC-2016-32

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:15:14.180865+00:00	Debian Oval Importer	Fixing	VCID-mf65-5asp-vkfs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:00:59.297972+00:00	Debian Oval Importer	Affected by	VCID-p93c-damj-kbec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:56:16.517577+00:00	Debian Oval Importer	Affected by	VCID-gkzq-thjf-z7fa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:27:15.034980+00:00	Debian Oval Importer	Affected by	VCID-gkzq-thjf-z7fa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:12:08.077066+00:00	Debian Oval Importer	Affected by	VCID-p93c-damj-kbec	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0