ALSA-2022:5597

Source
https://errata.almalinux.org/8/ALSA-2022-5597.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:5597.json
JSON Data
https://api.test.osv.dev/v1/vulns/ALSA-2022:5597
Related
Published
2022-07-18T00:00:00Z
Modified
2022-07-20T15:01:31Z
Summary
Important: pandoc security update
Details

Pandoc is a markdown/markup conversion tool. The version of pandoc in AlmaLinux 8 CRB uses cmark-gfm (GitHub's extended version of the C reference implementation of CommonMark) for parts of its conversion. The update, fixes CVE-2022-24724: an integer overflow in cmark-gfm's table row parsing which may lead to heap memory corruption when parsing tables with more than UINT16_MAX columns. Security Fix(es): * cmark-gfm: possible RCE due to integer overflow (CVE-2022-24724) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / pandoc

Package

Name
pandoc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.6-6.el8_6

AlmaLinux:8 / pandoc-common

Package

Name
pandoc-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.6-6.el8_6