Back to bug 2225379
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-07-25 07:06:13 UTC | Depends On | 2225382 | |
| Sandipan Roy | 2023-07-25 07:08:39 UTC | Blocks | 2225384 | |
| TEJ RATHI | 2023-07-27 13:56:41 UTC | Doc Text | An arbitrary file write vulnerability was found in Haskell's Pandoc, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system (depending on the privileges of the process running pandoc). | |
| Fixed In Version | pandoc 3.1.6 | |||
| Summary | TRIAGE-CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system | CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system | ||
| Alias | TRIAGE-CVE-2023-38745 | CVE-2023-38745 | ||
| TEJ RATHI | 2023-07-27 13:57:04 UTC | Depends On | 2227034, 2227033 | |
| TEJ RATHI | 2023-07-27 13:59:25 UTC | Summary | CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system | CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936) |
| TEJ RATHI | 2023-07-27 14:01:59 UTC | Depends On | 2220880 | |
| Paige Jung | 2023-07-27 16:05:41 UTC | Doc Text | An arbitrary file write vulnerability was found in Haskell's Pandoc, which can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system (depending on the privileges of the process running pandoc). | An arbitrary file write vulnerability was found in Haskell's Pandoc. This issue can be triggered by providing a specially crafted image element in the input when generating files using the --extract-media option or outputting to PDF format. This may allow an attacker to create or overwrite arbitrary files on the system, depending on the privileges of the process running pandoc. |
Back to bug 2225379