http://bugzilla.opensuse.org/show_bug.cgi?id=1094809 Bug ID: 1094809 Summary: VUL-0: CVE-2018-11468: discount: heap-based buffer over-read __mkd_trim_line function in mkdio.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other URL: https://smash.suse.de/issue/206507/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mpluskal@suse.com Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- rh#1582640 The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. References: https://bugzilla.redhat.com/show_bug.cgi?id=1582640 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11468 https://github.com/Orc/discount/issues/189 -- You are receiving this mail because: You are on the CC list for the bug.