Skip to main content

Md4C

8 CVEs product

Monthly

CVE-2021-30027 MEDIUM POC PATCH This Month

md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Md4C
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-26148 HIGH POC This Week

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Md4C
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-12112 HIGH POC This Week

md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-12102 MEDIUM POC This Month

md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Md4C
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-11547 CRITICAL Act Now

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11546 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11545 CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11536 CRITICAL POC Act Now

md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Md4C
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Md4C
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Md4C
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Md4C
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Md4C
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Md4C
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy