CVE-2023-22485

Name of the Vulnerable Software and Affected Versions cmark-gfm versions prior to 0.29.0.gfm.7

Description The issue is related to a crafted markdown document that can trigger an out-of-bounds read in the validate protocol function. This bug is believed to be harmless in practice because the out-of-bounds read accesses malloc metadata without causing any visible damage. Additionally, there are issues with polynomial time complexity in multiple components, which may lead to unbounded resource exhaustion and denial of service.

Recommendations For versions prior to 0.29.0.gfm.7, upgrade to version 0.29.0.gfm.7 or later to patch the vulnerability. As a temporary workaround, consider validating input from trusted sources to minimize the risk of exploitation. Restrict access to untrusted markdown documents until the issue is resolved.