cmark-gfm is vulnerable to remote code execution. The vulnerability exists due to an integer overflow in cmark-gfm’s table row parsing, in table.c:row_from_string.
packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html
github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
lists.fedoraproject.org/archives/list/[email protected]/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ/
lists.fedoraproject.org/archives/list/[email protected]/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC/
lists.fedoraproject.org/archives/list/[email protected]/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2/
lists.fedoraproject.org/archives/list/[email protected]/message/RSKUOJ2VAYGTJXPDE2RRPMNLVVMKCI77/
lists.fedoraproject.org/archives/list/[email protected]/message/TJBFIJEHJZEEDG6MO4MQHZYKUXELH77O/
lists.fedoraproject.org/archives/list/[email protected]/message/Z55K6VNVKO2G5SNKRCQ2KDG5SKTX5PVV/
security-tracker.debian.org/tracker/CVE-2022-24724