Description

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.

INFO

Published Date :

2026-04-06T19:49:48.806Z

Last Modified :

2026-04-06T19:49:48.806Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35201 vulnerability.

Vendors Products
Davidfstr
  • Rdiscount
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35201.

URL Resource
https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact