- Vulnerability/
- USN-4897-1
USN-4897-1: Pygments vulnerability
First published: Tue Mar 30 2021(Updated: )
Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources, resulting in a denial of service.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-pygments | <2.3.1+dfsg-4ubuntu0.2 | 2.3.1+dfsg-4ubuntu0.2 |
| Ubuntu Ubuntu | =20.10 | |
| All of | ||
| ubuntu/python-pygments | <2.3.1+dfsg-1ubuntu2.2 | 2.3.1+dfsg-1ubuntu2.2 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/python3-pygments | <2.3.1+dfsg-1ubuntu2.2 | 2.3.1+dfsg-1ubuntu2.2 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/python-pygments | <2.2.0+dfsg-1ubuntu0.2 | 2.2.0+dfsg-1ubuntu0.2 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python3-pygments | <2.2.0+dfsg-1ubuntu0.2 | 2.2.0+dfsg-1ubuntu0.2 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python-pygments | <2.1+dfsg-1ubuntu0.2 | 2.1+dfsg-1ubuntu0.2 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/python3-pygments | <2.1+dfsg-1ubuntu0.2 | 2.1+dfsg-1ubuntu0.2 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-27291
- https://ubuntu.com/security/notices/USN-4897-2
- https://launchpad.net/ubuntu/+source/pygments/2.3.1+dfsg-4ubuntu0.2
- https://launchpad.net/ubuntu/+source/pygments/2.3.1+dfsg-1ubuntu2.2
- https://launchpad.net/ubuntu/+source/pygments/2.2.0+dfsg-1ubuntu0.2
- https://launchpad.net/ubuntu/+source/pygments/2.1+dfsg-1ubuntu0.2
- https://ubuntu.com/security/notices/USN-4897-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Pygments vulnerability?
The vulnerability ID for this Pygments vulnerability is CVE-2021-27291.
What is the impact of the Pygments vulnerability?
The Pygments vulnerability can result in a denial of service by causing Pygments to hang or consume excessive resources.
Which versions of Python-Pygments are affected by this vulnerability?
The versions affected by this vulnerability are python-pygments version 2.3.1+dfsg-1ubuntu2.2, python-pygments version 2.2.0+dfsg-1ubuntu0.2, and python-pygments version 2.1+dfsg-1ubuntu0.2.
Which versions of Python3-Pygments are affected by this vulnerability?
The versions affected by this vulnerability are python3-pygments version 2.3.1+dfsg-4ubuntu0.2, python3-pygments version 2.3.1+dfsg-1ubuntu2.2, python3-pygments version 2.2.0+dfsg-1ubuntu0.2, and python3-pygments version 2.1+dfsg-1ubuntu0.2.
How do I fix the Pygments vulnerability?
To fix the Pygments vulnerability, update to the appropriate fixed versions: python-pygments version 2.3.1+dfsg-1ubuntu2.2, python-pygments version 2.2.0+dfsg-1ubuntu0.2, python-pygments version 2.1+dfsg-1ubuntu0.2, python3-pygments version 2.3.1+dfsg-4ubuntu0.2, python3-pygments version 2.3.1+dfsg-1ubuntu2.2, python3-pygments version 2.2.0+dfsg-1ubuntu0.2, or python3-pygments version 2.1+dfsg-1ubuntu0.2.
- collector/usn
- anchor-related/USN-4897-2
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- agent/event
- agent/tags
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.10
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04