CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27390
https://notcve.org/view.php?id=CVE-2023-27390
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1744 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31194
https://notcve.org/view.php?id=CVE-2023-31194
An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1745 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •