Pygments

pygments

4 CVEs • 1 product

Products (1)

Pygments
pygments

CVEs (4)

Vendors (1): Pygments
Products (1): Pygments
Updated: Nov 21, 2024
Published: Jul 19, 2023
CVSS: N/A (v4), 5.5 MEDIUM (v3), N/A (v2)
Description: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

Vendors (4): Debian, Fedoraproject, Pygments, +1 more
Products (7): Debian Linux, Enterprise Linux, Fedora, +4 more
Updated: Nov 21, 2024
Published: Mar 23, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Description: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Vendors (3): Debian, Fedoraproject, Pygments
Products (3): Debian Linux, Fedora, Pygments
Updated: Nov 21, 2024
Published: Mar 17, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Description: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Vendors (2): Canonical, Pygments
Products (2): Pygments, Ubuntu Linux
Updated: May 6, 2026
Published: Jan 8, 2016
CVSS: N/A (v4), 9.0 CRITICAL (v3), 9.3 HIGH (v2)
Description: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.