Vulnerability Description
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pandoc | Pandoc | < 3.1.6 |
| Debian | Debian Linux | 10.0 |
References
- https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625Patch
- https://github.com/jgm/pandoc/compare/3.1.5...3.1.6Patch
- https://lists.debian.org/debian-lts-announce/2023/07/msg00029.htmlMailing List
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625Patch
- https://github.com/jgm/pandoc/compare/3.1.5...3.1.6Patch
- https://lists.debian.org/debian-lts-announce/2023/07/msg00029.htmlMailing List
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2023-38745?
CVE-2023-38745 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF forma...
How severe is CVE-2023-38745?
CVE-2023-38745 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38745?
Check the references section above for vendor advisories and patch information. Affected products include: Pandoc Pandoc, Debian Debian Linux.