#1133003 discount: CVE-2026-4833

Package:
src:discount
Source:
src:discount
Submitter:
Salvatore Bonaccorso
Date:
2026-04-08 18:47:02 UTC
Severity:
normal
Tags:
#1133003#5
Date:
2026-04-08 18:44:45 UTC
From:
To:
Hi,

The following vulnerability was published for discount.

CVE-2026-4833[0]:
| A weakness has been identified in Orc discount up to 3.0.1.2. This
| issue affects the function compile of the file markdown.c of the
| component Markdown Handler. This manipulation causes uncontrolled
| recursion. The attack is restricted to local execution. The exploit
| has been made available to the public and could be used for attacks.
| The project maintainer confirms: "[I]f you feed it an infinitely
| deep blockquote input it will crash. (...) [T]his is a duplicate of
| an old bug that I've been working on."


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-4833
https://www.cve.org/CVERecord?id=CVE-2026-4833
[1] https://github.com/Orc/discount/issues/305

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore