PT-2024-40379 · Zmarkdown · Zmarkdown

Published 2024-02-03 · Updated 2024-02-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

zmarkdown versions prior to 10.1.3

Description

A Local File Inclusion issue was discovered in zmarkdown, allowing images with known paths on the host machine to be included in a LaTeX document. This could be exploited by including an image from an invalid path, such as ![](/tmp/img.png), which would redownload and include the image found at that path. Every user of zmarkdown is likely impacted, unless they have disabled LaTeX generation or image downloading.

Recommendations

Update to version 10.1.3 as soon as possible to patch the vulnerability. As a temporary workaround, consider disabling image downloading or sanitizing paths to minimize the risk of exploitation.
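
One way to apply the path-sanitizing workaround, shown as an added example (not zmarkdown's own code or API): a pre-filter run on untrusted Markdown before rendering that rejects any image source that is not an absolute http(s) URL. The function names and regular expressions are assumptions for illustration; they cover inline images, reference definitions and HTML img tags only.

```javascript
'use strict';
// Added example: pre-filter for untrusted Markdown. Nothing here is zmarkdown API.

// Inline image ![alt](src "title"): capture src, bare or <angle-bracketed>.
const INLINE_IMG = /!\[[^\]]*\]\(\s*(<[^>]*>|[^\s)]*)/g;
// Reference definition "[label]: src". Checked conservatively, because any
// definition may back an image; relative link targets are rejected as well.
const REF_DEF = /^ {0,3}\[[^\]]+\]:\s*(<[^>]*>|\S+)/gm;
// Raw HTML image: <img src="..."> with double, single or no quotes.
const HTML_IMG = /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// A source is acceptable only if it is an absolute http(s) URL with a host.
function isRemoteImage(src) {
  const cleaned = src.replace(/^<|>$/g, '').trim();
  if (!/^https?:\/\//i.test(cleaned)) return false;
  try {
    const url = new URL(cleaned);
    return (url.protocol === 'http:' || url.protocol === 'https:') && url.hostname !== '';
  } catch {
    return false; // not parseable as a URL at all
  }
}

// Return every image source in the document that fails the check.
function findLocalImageSources(markdown) {
  const rejected = [];
  for (const re of [INLINE_IMG, REF_DEF, HTML_IMG]) {
    for (const m of markdown.matchAll(re)) {
      const src = m[1] ?? m[2] ?? m[3] ?? '';
      if (!isRemoteImage(src)) rejected.push(src);
    }
  }
  return rejected;
}

// Refuse the document before rendering if any image source is not remote.
function assertNoLocalImages(markdown) {
  const bad = findLocalImageSources(markdown);
  if (bad.length > 0) throw new Error(`rejected image source(s): ${bad.join(', ')}`);
  return markdown;
}

// Constructed sample input: the advisory's example plus one remote image.
const SAMPLE = '![](/tmp/img.png)\n![ok](https://example.com/a.png)\n';
console.log(findLocalImageSources(SAMPLE)); // [ '/tmp/img.png' ]
```

This filter only narrows what reaches the renderer until the upgrade to 10.1.3 is in place; it does not replace the patch.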

Related Identifiers

GHSA-MQ6V-W35G-3C97

Affected Products

Zmarkdown