CWE 252 vulnerability detected in arena.c #423

@nicjohnson

Describe the bug
While scanning our repo, Veracode has detected a vulnerability in swift-cmark/src/arena.c on line 22 in the alloc_arena_chunk function.

See the CWE for more detail: https://cwe.mitre.org/data/definitions/252.html

Checklist

  • I can reproduce this issue with a vanilla SwiftUI project.
  • I can reproduce this issue using the main branch of this package.
  • This bug hasn't been addressed in an existing GitHub issue.

Steps to reproduce

  1. With Veracode, scan a project that uses [email protected]

Expected behavior
Zero vulnerabilities reported by Veracode.

Version information

  • MarkdownUI: 2.4.1
  • OS: iOS 26.0.1
  • Xcode: 26.0.1

Additional context
n/a
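
For readers unfamiliar with CWE-252 (unchecked return value), the sketch below is an added example, not code from this issue or from swift-cmark: a two-step chunk constructor written without and with checks on the allocator's return value. The struct, the function names and the failing test allocator are all hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical chunk layout for illustration; not swift-cmark's definition. */
struct chunk { size_t sz; unsigned char *ptr; struct chunk *prev; };
typedef void *(*calloc_fn)(size_t, size_t);
typedef struct chunk *(*chunk_ctor)(calloc_fn, size_t, struct chunk *);

/* Constructed test allocator: fails on the fail_at-th call (0 = never). */
static int fail_at, calls;
static void *flaky_calloc(size_t n, size_t sz) {
  return (++calls == fail_at) ? NULL : calloc(n, sz);
}

/* CWE-252 pattern: neither calloc result is checked before use. */
static struct chunk *chunk_new_unchecked(calloc_fn alloc, size_t sz, struct chunk *prev) {
  struct chunk *c = alloc(1, sizeof(*c)); /* NULL here crashes on the next line */
  c->sz = sz;
  c->ptr = alloc(1, sz);                  /* NULL here is stored silently */
  c->prev = prev;
  return c;
}

/* Checked form: every allocation is tested and partial state is released. */
static struct chunk *chunk_new_checked(calloc_fn alloc, size_t sz, struct chunk *prev) {
  struct chunk *c = alloc(1, sizeof(*c));
  if (!c) return NULL;
  c->ptr = alloc(1, sz);
  if (!c->ptr) { free(c); return NULL; }
  c->sz = sz;
  c->prev = prev;
  return c;
}

/* Returns 1 if ctor handed back a chunk whose buffer pointer is NULL, else 0. */
static int returns_unusable_chunk(chunk_ctor ctor, int fail_on_call) {
  fail_at = fail_on_call; calls = 0;
  struct chunk *c = ctor(flaky_calloc, 4096, NULL);
  int bad = (c != NULL && c->ptr == NULL);
  if (c) { free(c->ptr); free(c); }
  return bad;
}

int main(void) {
  printf("unchecked, 2nd calloc fails: unusable=%d\n", returns_unusable_chunk(chunk_new_unchecked, 2));
  printf("checked,   2nd calloc fails: unusable=%d\n", returns_unusable_chunk(chunk_new_checked, 2));
  return 0;
}
```

The checked form only moves the obligation up one level: its callers must in turn test for a NULL return.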
