CVE-2026-35201
Discount has an Out-of-bounds Read in rdiscount
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
12th
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.
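The narrowing described above, shown as an added example that is not code from Discount or rdiscount: it models what happens to a `size_t` length pushed through an `int` parameter, next to a wrapper that rejects such lengths before the parser runs. The names `parse_fn`, `stub_parse`, `narrowed_len` and `parse_checked` are hypothetical, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a native parser entry point with an int length. */
typedef int (*parse_fn)(const char *buf, int len);

/* Model of the narrowing: keep the low 32 bits of the size_t and read them
 * as a signed 32-bit value. Computed explicitly so the result does not rely
 * on implementation-defined conversion. Assumes a 32-bit int. */
static int64_t narrowed_len(size_t n)
{
    uint32_t low = (uint32_t)(n & 0xFFFFFFFFu);
    return low > (uint32_t)INT32_MAX ? (int64_t)low - 4294967296LL
                                     : (int64_t)low;
}

/* Hardened wrapper: refuse any length the int parameter cannot represent,
 * so the parser is never handed a length that disagrees with the buffer. */
static int parse_checked(parse_fn parse, const char *buf, size_t len, int *result)
{
    if (parse == NULL || buf == NULL || result == NULL)
        return -1;
    if (len > (size_t)INT_MAX)
        return -1;                 /* would truncate: reject, do not parse */
    *result = parse(buf, (int)len);
    return 0;
}

/* Constructed parser stub: reports the length it was told to trust. */
static int stub_parse(const char *buf, int len) { (void)buf; return len; }

int main(void)
{
    /* Constructed sample lengths around the INT_MAX boundary. */
    size_t samples[] = { 4, (size_t)INT_MAX, (size_t)INT_MAX + 1, (size_t)4294967295u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int out = 0;
        int rc = parse_checked(stub_parse, "# hi", samples[i], &out);
        printf("len=%zu narrowed=%lld checked=%s\n", samples[i],
               (long long)narrowed_len(samples[i]), rc == 0 ? "parsed" : "rejected");
    }
    return 0;
}
```

The wrapper only compares lengths, so it can be exercised without allocating a buffer larger than `INT_MAX` bytes.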
| CWE | CWE-125 |
| Vendor | davidfstr |
| Product | rdiscount |
| Published | Apr 6, 2026 |
| Last Updated | Apr 7, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
davidfstr / rdiscount
>= 1.3.1.1, < 2.2.7.4