Memory Consumption Vulnerability in Python Markdownify by Matthew Withan
CVE-2025-46656

2.9LOW

Key Information:

Vendor
Python-markdownify
Status
Python-markdownify
Vendor
CVE Published:
26 April 2025

Summary

The python-markdownify library, prior to version 0.14.1, introduces a vulnerability that permits the use of excessively large headline prefixes, such as , alongside standard headings like through . This flaw can lead to significant memory consumption, potentially impacting the performance and availability of applications utilizing this library. It's crucial for developers using python-markdownify to update to version 0.14.1 or later to mitigate this issue and ensure their applications remain stable.

Affected Version(s)

python-markdownify 0 < 0.14.1

References

https://github.com/matthewwithanm/python-markdownify/comp...
https://github.com/matthewwithanm/python-markdownify/issu...

CVSS V3.1

Score:
2.9
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-46656 : Memory Consumption Vulnerability in Python Markdownify by Matthew Withan | SecurityVulnerability.io