CVE-2023-31194 | THREATINT

Description

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.

PUBLISHED Reserved 2023-04-26 | Published 2023-07-05 | Updated 2025-11-04 | Assigner talos

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

v1.0.139

affected

Credits

Discovered by Francesco Benvenuto of Cisco Talos.

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1745

www.talosintelligence.com/...ability_reports/TALOS-2023-1745

talosintelligence.com/vulnerability_reports/TALOS-2023-1745

cve.org (CVE-2023-31194)

nvd.nist.gov (CVE-2023-31194)

Download JSON