CVE-2022-39209
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
A new version of cmark-gfm has been released; the latest version is 0.29.0.gfm.6. Users are advised to upgrade as soon as possible. When upgrading, users should also be sure to upgrade any dependent packages. For further information, see: https://github.com/GitHub/cmark/issues/20891
CVE-2021-39211
A new version of cmark-gfm has been released; the latest version is 0.29.0.gfm.5. Users are advised to upgrade as soon as possible. When upgrading, users should also be sure to upgrade any dependent packages. For further information, see: https://github.com/GitHub/cmark/issues/20880
Upcoming Events
The next release of cmark-gfm is out, and you should upgrade as soon as possible. See the post at: https://github.com/GitHub/cmark/issues/20891
cmark-gfm and languages
cmark-gfm is a library for processing text, specifically Markdown. It is an extension of the leading fork of Markdown that adds support for GitHub Flavored Markdown (GFM), and it also provides conversion between its own internal flavor of GFM and other flavors offered by other libraries such as Pandoc, Tidy, or GitHub-Flavored Markdown.
The new release includes changes to the functions that manipulate GFM documents--cmark_gfm_parse() and cmark_gfm_process()--to avoid calling into cmark on invalid input. These changes have been made in order to make cmark-gfm more robust, but they also break compatibility with older versions of cmark-gfm that don't implement these changes properly.
CVE-2023-39210
A new version of cmark-gfm has been released; the latest version is 0.29.0.gfm.7. Users are advised to upgrade as soon as possible. When upgrading, users should also be sure to upgrade any dependent packages. For further information, see: https://github.com/GitHub/cmark/issues/20922
Users running a previous version of cmark-gfm or cmark-fonts are advised to upgrade as soon as possible in order to mitigate the 2022 and 2023 CVEs for arbitrary code execution (CVE-2022-39209, CVE-2023-39210).
Timeline
Published on: 09/15/2022 18:15:00 UTC
Last modified on: 09/19/2022 18:02:00 UTC