CVE-2023-31194
Description
An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Diagon v1.0.139 has an improper array index validation in GraphPlanar::Write leading to memory corruption via a crafted markdown file.
Vulnerability
Diagon v1.0.139 contains an improper array index validation vulnerability in the GraphPlanar::Write function. A specially crafted markdown file can trigger out-of-bounds memory access when processing planar graph representations. The vulnerability is present in version 1.0.139 as confirmed by Talos [1].
Exploitation
Exploitation requires a victim to open a malicious markdown file using Diagon. No prior authentication or special privileges are needed. The attacker crafts a markdown input that, when parsed and rendered by GraphPlanar::Write, causes an invalid array index access, leading to memory corruption [1].
Impact
Successful exploitation can result in memory corruption, potentially leading to denial of service or arbitrary code execution in the context of the Diagon process. The CVSSv3 score is 5.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L), indicating low impact on confidentiality, integrity, and availability [1].
Mitigation
As of the publication date (2023-07-05), no patched version has been released. Users are advised to avoid opening untrusted markdown files with Diagon until a fix is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Diagon/Diagonv5Range: v1.0.139
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.