#1136025 discount: CVE-2026-35201

Package:
src:discount
Source:
src:discount
Submitter:
Moritz Mühlenhoff
Date:
2026-05-08 14:51:01 UTC
Severity:
normal
#1136025#5
Date:
2026-05-08 14:28:15 UTC
Hi,

The following vulnerability was published for discount.

CVE-2026-35201[0]:
| Discount is an implementation of John Gruber's Markdown markup
| language in C. From 1.3.1.1 to before 2.2.7.4, a signed length
| truncation bug causes an out-of-bounds read in the default Markdown
| parse path. Inputs larger than INT_MAX are truncated to a signed int
| before entering the native parser, allowing the parser to read past
| the end of the supplied buffer and crash the process. This
| vulnerability is fixed in 2.2.7.4.

https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc
https://github.com/davidfstr/rdiscount/commit/b1a16445e92e0d12c07594dedcdc56f80b317761 (2.2.7.4)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-35201
https://www.cve.org/CVERecord?id=CVE-2026-35201

Please adjust the affected versions in the BTS as needed.
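
The signed length truncation described in the CVE text, and the bounds check that prevents it, as an added example that is not taken from the discount or rdiscount sources. `narrow_unchecked`, `toy_count_lines` and `parse_checked` are hypothetical names, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* What a 32-bit two's-complement int ends up holding when a size_t is
 * assigned to it unchecked (implementation-defined in C; usual result). */
static int narrow_unchecked(size_t n)
{
    uint32_t low = (uint32_t)n;                 /* high bits dropped */
    if (low <= (uint32_t)INT_MAX)
        return (int)low;
    return (int)((int64_t)low - 4294967296LL);  /* wraps negative */
}

/* Hypothetical stand-in for a parser entry point that takes an int
 * length, as the advisory describes. Counts newline bytes. */
static int toy_count_lines(const char *buf, int len)
{
    int lines = 0;
    for (int i = 0; i < len; i++)
        lines += (buf[i] == '\n');
    return lines;
}

/* Hardened wrapper: reject any length an int cannot represent before
 * it reaches the int-based parser, so nothing is truncated. */
static int parse_checked(const char *buf, size_t len, int *lines)
{
    if (buf == NULL || lines == NULL || len > (size_t)INT_MAX)
        return -1;
    *lines = toy_count_lines(buf, (int)len);
    return 0;
}

int main(void)
{
    int lines = 0;
    size_t big = (size_t)INT_MAX + 1;   /* constructed oversized length */
    int rc = parse_checked("a\nb\n", 4, &lines);
    printf("4 bytes: rc=%d lines=%d\n", rc, lines);
    printf("%zu bytes: unchecked int=%d, checked rc=%d\n", big,
           narrow_unchecked(big), parse_checked("a\nb\n", big, &lines));
    return 0;
}
```

The wrapper fails closed: an oversized length is refused at the boundary, so the parser never receives a length that disagrees with the buffer.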