


Perceptive Security
SOC/SIEM Consultancy

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < charac…
Published:
20 April 2026 at 22:00:00
Alert date:
21 April 2026 at 21:04:31
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
The github.com/gomarkdown/markdown Go library contains a vulnerability that causes out-of-bounds memory reads or panics when processing malformed input. The issue occurs when the SmartypantsRenderer processes text containing a '<' character not followed by a '>' character anywhere in the remaining text. This can lead to memory safety issues including out-of-bounds reads or application crashes. The vulnerability has been patched in commit 759bbc3e32073c3bc4e25969c132fc520eda2778. Organizations using this Go markdown parsing library should update to the fixed version to prevent potential denial of service attacks.
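The failure mode described above, modelled as an added example; this is not code from gomarkdown or from the advisory. `scanTagUnchecked`, `scanTagChecked` and `guard` are hypothetical names: the first searches for '>' with no bounds check, the second is the bounds-checked form, and `guard` turns a renderer panic into an error for services that must render untrusted Markdown.

```go
package main

import (
	"bytes"
	"fmt"
)

// scanTagUnchecked models the bug class from the advisory (illustrative, not
// the library's code): it walks forward looking for '>' with no bounds check,
// so text with no '>' left in it indexes past the end and panics.
func scanTagUnchecked(text []byte) int {
	i := 0
	for text[i] != '>' {
		i++
	}
	return i + 1
}

// scanTagChecked is the hardened form: it reports whether a closing '>'
// exists and never indexes beyond len(text).
func scanTagChecked(text []byte) (int, bool) {
	end := bytes.IndexByte(text, '>')
	if end < 0 {
		return 0, false
	}
	return end + 1, true
}

// guard runs a renderer on untrusted input and converts a panic into an
// error, so one malformed document cannot take down the process.
func guard(render func([]byte) int, in []byte) (n int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("render panicked: %v", r)
		}
	}()
	return render(in), nil
}

func main() {
	for _, s := range []string{"<b>bold", "< b"} { // constructed inputs
		in := []byte(s)
		_, err := guard(scanTagUnchecked, in)
		n, ok := scanTagChecked(in)
		fmt.Printf("%q unchecked err=%v | checked n=%d ok=%v\n", s, err, n, ok)
	}
}
```

A recover wrapper like `guard` only contains the crash; updating to the patched commit remains the fix.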
Technical details
Affected products:
github.com/gomarkdown/markdown
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-40890
https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778
https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7
This article was created with the assistance of AI technology by Perceptive.
