Infinite loop in XQuery lexer
Bug #1278323 reported by Martin Carpenter
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pygments (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
To reproduce:
echo '(#m' | pygmentize -l xqy
This spins CPU up to 100% and does not exit. Web applications that use pygments to format user-supplied input could therefore be vulnerable to denial of service.
Bug does not exist in pygments 1.6 installed via pip.
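One way a web application can contain a lexer hang like the one reported above is to run the highlighter in a child process with a wall-clock deadline and fall back to escaped plain text. This is an added example, not code from the bug report or from Pygments; `render_with_deadline` and `highlight_xquery` are hypothetical names, and it assumes a POSIX host where the `fork` start method is available.

```python
import html
import multiprocessing as mp

# Assumption: POSIX host; "fork" lets the child run any callable without pickling.
_CTX = mp.get_context("fork")


def highlight_xquery(source):
    """Hypothetical renderer: Pygments XQuery lexer to HTML (imported lazily)."""
    from pygments import highlight
    from pygments.formatters import HtmlFormatter
    from pygments.lexers import XQueryLexer
    return highlight(source, XQueryLexer(), HtmlFormatter())


def _worker(render, source, conn):
    # Runs in the child: send the markup back, or close the pipe on error.
    try:
        conn.send(render(source))
    finally:
        conn.close()


def render_with_deadline(render, source, seconds=2.0):
    """Return (markup, highlighted). On timeout or error, markup is escaped text."""
    reader, writer = _CTX.Pipe(duplex=False)
    proc = _CTX.Process(target=_worker, args=(render, source, writer), daemon=True)
    proc.start()
    writer.close()  # parent keeps only the read end, so a dead child yields EOF
    try:
        if reader.poll(seconds):
            return reader.recv(), True
    except EOFError:
        pass  # child raised before sending anything
    finally:
        if proc.is_alive():
            proc.kill()  # the lexer is still spinning: reclaim the CPU
        proc.join()
        reader.close()
    return "<pre>" + html.escape(source) + "</pre>", False


if __name__ == "__main__":
    # Constructed input: the reproducer string from the report above.
    markup, ok = render_with_deadline(highlight_xquery, "(#m\n")
    print("highlighted" if ok else "fell back to plain text")
```

The deadline bounds how long one request can hold a CPU core; it does not fix the lexer, so upgrading Pygments is still needed.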
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.