What is CVE-2025-46656?

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption.

How severe is CVE-2025-46656?

CVE-2025-46656 has a CVSS v3 score of 2.9 (LOW).

CVE-2025-46656

Name: markdownify
Author: matthewwithanm

2.9LOW

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Veröffentlicht: 4/26/2025Aktualisiert: 10/16/2025

Auf NVD ansehen Auf MITRE ansehen

Beschreibung

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

KI-AnalyseKI-gestützt

Betroffene Produkte

matthewwithanmmarkdownify

Referenzen

https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1
Patch
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit