[USN-4897-2] Pygments vulnerabilities
Severity: High
Affected Packages: 2
CVEs: 2

Pygments could be made to hang if it opened a specially crafted file.

USN-4897-1 fixed several vulnerabilities in Pygments. This update provides
the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

Ben Caller discovered that Pygments incorrectly handled parsing certain
files. If a user or automated system were tricked into parsing a specially
crafted file, a remote attacker could cause Pygments to hang or consume
resources, resulting in a denial of service. (CVE-2021-27291)

It was discovered that Pygments incorrectly handled parsing certain
files. An attacker could possibly use this issue to cause a denial of
service. (CVE-2021-20270)

Package | Affected Version |
---|---|
pkg:deb/ubuntu/python3-pygments?distro=trusty | < 1.6+dfsg-1ubuntu1.1+esm1 |
pkg:deb/ubuntu/python-pygments?distro=trusty | < 1.6+dfsg-1ubuntu1.1+esm1 |

- ID: USN-4897-2
- Severity: high
- Severity from: CVE-2021-20270
- URL: https://ubuntu.com/security/notices/USN-4897-2
- Published: 2023-08-14T10:38:30 (13 months ago)
- Modified: 2023-08-14T10:38:30 (13 months ago)

Other Advisories:
- ALAS2-2023-2117
- ALAS2-2023-2198
- ALPINE:CVE-2021-20270
- ALPINE:CVE-2021-27291
- ALSA-2021:4150
- ALSA-2021:4151
- DSA-4870-1
- DSA-4878-1
- DSA-4889-1
- ELSA-2021-4150
- ELSA-2021-4151
- ELSA-2021-9553
- FEDORA-2021-166dfc62b2
- FEDORA-2021-3f975f68c8
- FREEBSD:CDC685B5-1724-49A1-AD57-2EAAB68E9CC0
- MS:CVE-2021-20270
- MS:CVE-2021-27291
- openSUSE-SU-2021:1402-1
- openSUSE-SU-2021:1521-1
- openSUSE-SU-2021:3839-1
- openSUSE-SU-2021:3841-1
- PYSEC-2021-140
- PYSEC-2021-141
- RHSA-2021:4139
- RHSA-2021:4150
- RHSA-2021:4151
- RLSA-2021:4150
- RLSA-2021:4151
- SUSE-SU-2021:1500-1
- SUSE-SU-2021:3473-1
- SUSE-SU-2021:3814-1
- SUSE-SU-2021:3839-1
- SUSE-SU-2021:3840-1
- SUSE-SU-2021:3841-1
- USN-4885-1
- USN-4897-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/python3-pygments?distro=trusty | ubuntu | python3-pygments | < 1.6+dfsg-1ubuntu1.1+esm1 | trusty | | |
Affected | pkg:deb/ubuntu/python-pygments?distro=trusty | ubuntu | python-pygments | < 1.6+dfsg-1ubuntu1.1+esm1 | trusty | | |