CVE-2015-5147

Publication date 14 July 2015

Last updated 24 July 2024

Ubuntu priority

Description

Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ruby-redcarpet	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?

Notes

seth-arnold

The report included "Affects: v3.3.0 - v3.3.1", newer than our packages

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
http://www.openwall.com/lists/oss-security/2015/06/29/3
https://www.cve.org/CVERecord?id=CVE-2015-5147