DEBIAN-CVE-2023-22485

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2023-22485
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-22485.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-22485
Upstream
Published
2023-01-24T01:15:10Z
Modified
2025-09-19T06:08:59Z
Summary
[none]
Details

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validate_protocol function. We believe this bug is harmless in practice, because the out-of-bounds read accesses malloc metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

References

Affected packages

Debian:13

cmark-gfm

Package

Name
cmark-gfm
Purl
pkg:deb/debian/cmark-gfm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.0.gfm.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

python-cmarkgfm

Package

Name
python-cmarkgfm
Purl
pkg:deb/debian/python-cmarkgfm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.11.20-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

r-cran-commonmark

Package

Name
r-cran-commonmark
Purl
pkg:deb/debian/r-cran-commonmark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

ruby-commonmarker

Package

Name
ruby-commonmarker
Purl
pkg:deb/debian/ruby-commonmarker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14

cmark-gfm

Package

Name
cmark-gfm
Purl
pkg:deb/debian/cmark-gfm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.0.gfm.13-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

python-cmarkgfm

Package

Name
python-cmarkgfm
Purl
pkg:deb/debian/python-cmarkgfm?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.11.20-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

r-cran-commonmark

Package

Name
r-cran-commonmark
Purl
pkg:deb/debian/r-cran-commonmark?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

ruby-commonmarker

Package

Name
ruby-commonmarker
Purl
pkg:deb/debian/ruby-commonmarker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.10-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}