What is CVE-2025-46656?

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption.

How severe is CVE-2025-46656?

CVE-2025-46656 has a CVSS v3 score of 2.9 (LOW).

CVE-2025-46656

Name: markdownify
Author: matthewwithanm

2.9LOW

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Publicado: 4/26/2025Actualizado: 10/16/2025

Ver en NVD Ver en MITRE

Descripción

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Análisis IAImpulsado por IA

Productos Afectados

matthewwithanmmarkdownify

Referencias

https://github.com/matthewwithanm/python-markdownify/compare/0.14.0...0.14.1
Patch
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit
https://github.com/matthewwithanm/python-markdownify/issues/143
Exploit