Comrak · CVE-2023-28631
**Name of the Vulnerable Software and Affected Versions**
comrak versions prior to 0.17.0
**Description**
The issue arises when a Comrak AST is constructed manually and then converted to HTML: the HTML formatting code assumes the AST is well-formed, and that assumption is violated when the AST's `[u8]` fields contain invalid UTF-8 data, which can trigger several bugs. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
**Recommendations**
For versions prior to 0.17.0, upgrade to version 0.17.0 or later, which contains adjustments to the AST to store strings instead of unvalidated byte arrays.
As a temporary workaround for users unable to upgrade, manually validate the UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST.
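The following Rust snippet is an added illustration of that workaround; it is not comrak's own code, and `TextNode` is a hypothetical stand-in for an AST node that keeps its text in a `Vec<u8>` field. It validates bytes with `std::str::from_utf8` before they are stored, rejecting truncated multi-byte sequences and stray continuation bytes, and also shows a lossy alternative that substitutes U+FFFD instead of failing.

```rust
// Added example (not comrak's own code): validate bytes as UTF-8 before
// storing them in a byte-typed AST field, as the pre-0.17.0 workaround advises.
use std::str::Utf8Error;

/// Hypothetical stand-in for an AST node whose text lives in a raw byte field.
/// The real comrak node types are not modelled here.
#[derive(Debug, PartialEq)]
pub struct TextNode {
    pub literal: Vec<u8>,
}

impl TextNode {
    /// Accept the bytes only if they decode as UTF-8; otherwise return the
    /// decoder's error so the caller cannot build a malformed node.
    pub fn new(bytes: &[u8]) -> Result<TextNode, Utf8Error> {
        std::str::from_utf8(bytes)?;
        Ok(TextNode { literal: bytes.to_vec() })
    }

    /// Alternative for untrusted input that must not abort the build:
    /// replace every invalid sequence with U+FFFD, then store the result.
    pub fn new_lossy(bytes: &[u8]) -> TextNode {
        let repaired = String::from_utf8_lossy(bytes).into_owned();
        TextNode { literal: repaired.into_bytes() }
    }
}

/// Check a batch of byte fields at once and report the index of the first
/// one that is not valid UTF-8, so a caller can say which assignment failed.
pub fn first_invalid_field(fields: &[&[u8]]) -> Option<usize> {
    fields.iter().position(|f| std::str::from_utf8(f).is_err())
}

fn main() {
    // Constructed sample inputs: valid text, a truncated multi-byte sequence
    // ("caf" followed by only the first byte of "é"), and a lone continuation byte.
    let valid: &[u8] = "caf\u{e9}".as_bytes();
    let truncated: &[u8] = &[0x63, 0x61, 0x66, 0xC3];
    let stray: &[u8] = &[0x80];

    println!("{:?}", TextNode::new(valid));
    println!("{:?}", TextNode::new(truncated));
    println!("{:?}", TextNode::new_lossy(stray));
    println!("{:?}", first_invalid_field(&[valid, truncated, stray]));
}
```

The strict constructor is the right default for the workaround, since it mirrors what 0.17.0 does by storing strings; the lossy variant is only appropriate where silently altering text is acceptable.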