INFSA-2025:8427: pandoc security update
Information about definition
Identifier: INFSA-2025:8427
Type: security
Release date: 2025-07-07 11:16:32 UTC
Information about package
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. In contrast to most existing tools for converting Markdown to HTML, pandoc has a modular design: it consists of a set of readers, which parse text in a given format and produce a native representation of the document, and a set of writers, which convert this native representation into a target format. Thus, adding an input or output format requires only adding a reader or writer. For PDF output, please also install pandoc-pdf.
Vulnerabilities description
- CVE-2023-24824
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text that begins with large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
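One content-level guard that an application embedding cmark-gfm could place in front of the parser until it can upgrade, as an added example that is not part of this advisory or of cmark-gfm: it bounds the number of leading `>` and `- ` markers per line, the two inputs the CVE text names. The marker regexes are an approximation of CommonMark's rules and the limit of 32 is this example's own assumption.

```python
import re

# Leading blockquote markers: a run of '>' at the start of a line, each one
# optionally indented. This over-approximates CommonMark (which caps the
# indentation at three spaces), which is acceptable for a guard that only
# needs an upper bound on nesting depth.
_LEADING_GT = re.compile(r"^(?:[ \t]*>)+")
# Leading list markers: a run of "- " at the start of a line, the form that
# nests one list inside another. A bare "---" (thematic break) does not match,
# because a list marker needs whitespace after the dash.
_LEADING_DASH = re.compile(r"^(?:[ \t]*-[ \t])+")


def leading_marker_runs(text):
    """Yield (line_no, gt_run, dash_run) for every line of a Markdown document,
    where the runs count the leading '>' and '- ' markers on that line."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        gt = _LEADING_GT.match(line)
        dash = _LEADING_DASH.match(line)
        yield (line_no,
               gt.group(0).count(">") if gt else 0,
               dash.group(0).count("-") if dash else 0)


def check_markdown_input(text, limit=32):
    """Return (True, 'ok') if no line starts with more than `limit` '>' or
    '- ' markers, otherwise (False, reason) naming the first offending line.
    `limit` is a deployment choice (assumed here); real documents rarely nest
    more than a handful of levels, so a low bound costs little."""
    for line_no, gt, dash in leading_marker_runs(text):
        if gt > limit:
            return False, f"line {line_no}: {gt} leading '>' markers exceed limit {limit}"
        if dash > limit:
            return False, f"line {line_no}: {dash} leading '-' markers exceed limit {limit}"
    return True, "ok"


# Constructed sample inputs (not taken from the advisory).
SAMPLE_OK = "# Title\n> a quote\n> > nested quote\n- item\n  - sub-item\n---\n"
SAMPLE_DEEP_QUOTE = "> " * 200 + "deep\n"
SAMPLE_DEEP_LIST = "- " * 200 + "item\n"

if __name__ == "__main__":
    for name, doc in [("ok", SAMPLE_OK), ("deep quote", SAMPLE_DEEP_QUOTE),
                      ("deep list", SAMPLE_DEEP_LIST)]:
        print(name, check_markdown_input(doc))
```

Documents that fail the check can be rejected or routed to a rate-limited worker before they reach the parser.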
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2023-24824 | no information | 7.5 | no information |
Updated packages