RSS   Vulnerabilities for 'MD4C'   RSS

2018-06-11
 
CVE-2018-12112

CWE-119
 

 
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.

 
 
CVE-2018-12102

CWE-476
 

 
md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block.

 
2018-05-29
 
CVE-2018-11547

CWE-125
 

 
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.

 
 
CVE-2018-11546

CWE-125
 

 
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.

 
 
CVE-2018-11545

CWE-119
 

 
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.

 


Copyright 2024, cxsecurity.com

 

Back to Top