Closed nwellnhof closed 1 year ago
python3 -c 'print("a"+"<!--"*50000)' |build/src/cmark >/dev/null
This regressed in commit 4470ff33. Found by OSS-Fuzz.
I already have a fix for this which I'll push later.
Fixed by 6a5126a8d65ad8615ed1f8efb025bebc06e9483d
FYI, this bug also affected cmark-gfm (GitHub's fork of cmark), where we have assigned it CVE-2023-22484.
This regressed in commit 4470ff33. Found by OSS-Fuzz.