Orc/discount

Orc/discount

www.pell.portland.or.us

Releases127

Frequency1 month 3 weeks

Last Release 14 days ago

Stars885

My C implementation of John Gruber's Markdown markup language

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-4833 ↗	Mar 26, 2026Thursday, 26 March 2026, 02:16	3.3 LOW	1.7 LOW
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
CVE-2018-12495 ↗	Jun 15, 2018Friday, 15 June 2018, 18:29	—	4.3 MEDIUM
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-11503 ↗	May 26, 2018Saturday, 26 May 2018, 21:29	—	4.3 MEDIUM
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-11504 ↗	May 26, 2018Saturday, 26 May 2018, 21:29	—	4.3 MEDIUM
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-11468 ↗	May 25, 2018Friday, 25 May 2018, 13:29	—	4.3 MEDIUM
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.