
CVE-2023-38745: n/a

Published: Tue Jul 25 2023 (07/25/2023, 00:00:00 UTC)
Source: CVE Database V5

Description

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).

AI-Powered Analysis

Last updated: 11/04/2025, 18:35:35 UTC

Technical Analysis

CVE-2023-38745 is a security vulnerability affecting Pandoc, a widely used document converter, in versions before 3.1.6. The vulnerability enables an attacker to perform arbitrary file writes on the host system by supplying a crafted image element in the input when generating files using the --extract-media option or when outputting to PDF format. This occurs because Pandoc fails to properly sanitize and handle double encoded path names, a flaw that persisted due to an incomplete fix of a previous vulnerability (CVE-2023-35936). When Pandoc processes the malicious input, it can write files to arbitrary locations on the filesystem, potentially overwriting critical files or planting malicious payloads. The impact depends on the privileges of the Pandoc process; if run with elevated rights, the attacker could gain significant control over the system. Exploitation requires that untrusted user input is passed to Pandoc and that the application is configured to produce PDFs or extract media files, which is common in automated document processing workflows. There are no known exploits in the wild at the time of publication, but the vulnerability poses a serious risk given Pandoc's popularity in academic, publishing, and software development environments. The lack of a CVSS score necessitates an independent severity assessment, considering the ease of exploitation (no user interaction needed beyond input submission), the scope (arbitrary file write), and the potential impact on confidentiality, integrity, and availability.

Potential Impact

For European organizations, the arbitrary file write vulnerability in Pandoc could lead to unauthorized modification or creation of files, enabling attackers to implant malicious code, alter documents, or disrupt services. This is particularly concerning for institutions that automate document generation or conversion from untrusted sources, such as universities, research centers, publishing houses, and software companies. If exploited, attackers could escalate privileges, compromise sensitive data, or disrupt business operations. The impact is amplified in environments where Pandoc runs with elevated privileges or on critical infrastructure. Additionally, the ability to overwrite files could facilitate further attacks, including ransomware deployment or persistent backdoors. Given the widespread use of Pandoc in Europe, especially in academic and technical sectors, the threat could affect a broad range of organizations, potentially leading to data breaches, reputational damage, and operational downtime.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately upgrade Pandoc to version 3.1.6 or later, where the issue is fixed. Organizations should audit their document processing workflows to identify any use of Pandoc with untrusted input, especially where the --extract-media option or PDF output is involved. Restricting the execution context of Pandoc to least-privilege environments reduces the risk of severe impact. Implement input validation and sanitization to prevent maliciously crafted input from reaching Pandoc. Where possible, isolate document conversion processes in sandboxed or containerized environments to limit filesystem access. Monitoring and logging Pandoc usage can help detect anomalous activity. Finally, organizations should review and update their incident response plans to include scenarios involving document processing vulnerabilities.
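One way to implement the input-validation step above, as an added example (not Pandoc's code and not part of the original advisory): a pre-filter that percent-decodes each image target until it stops changing, so a double-encoded name is judged by what it finally resolves to, and rejects parent-directory segments and absolute local paths. The function names, the regular expressions, the nesting limit and the sample input are assumptions of this example; targets that carry a URL scheme are left to a separate fetch policy.

```python
import re
from urllib.parse import unquote

# Markdown ![alt](target) and HTML <img src="target"> references.
IMAGE_REFS = [
    re.compile(r'!\[[^\]]*\]\(\s*<?([^)\s>]+)'),
    re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)', re.IGNORECASE),
]
MAX_ROUNDS = 5  # assumed nesting limit; deeper encoding is rejected outright

def fully_decode(target):
    """Percent-decode repeatedly until the value is stable, else None."""
    for _ in range(MAX_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            return decoded
        target = decoded
    return None

def check_target(target):
    """Return a reason string if the image target is unsafe, else None."""
    decoded = fully_decode(target)
    if decoded is None:
        return "encoding nested too deeply"
    if ".." in re.split(r'[\\/]', decoded):
        return "parent-directory segment after decoding"
    # Two or more scheme characters, so a drive letter (C:) is not a scheme.
    has_scheme = re.match(r'^[A-Za-z][A-Za-z0-9+.-]+:', decoded)
    if not has_scheme and re.match(r'^([\\/]|[A-Za-z]:)', decoded):
        return "absolute local path"
    return None

def scan_document(text):
    """List (target, reason) for every unsafe image reference in the input."""
    return [(t, r) for p in IMAGE_REFS for t in p.findall(text)
            if (r := check_target(t))]

# Constructed sample input, not taken from a real incident.
SAMPLE = """\
![logo](images/logo.png)
![a](media/%2e%2e/%2e%2e/out.txt)
![b](media/%252e%252e%252fout.txt)
<img src="/tmp/abs.png">
![remote](https://example.com/pic.png)
"""

if __name__ == "__main__":
    for target, reason in scan_document(SAMPLE):
        print(f"REJECT {target}: {reason}")
```

A filter like this complements the upgrade to 3.1.6 and the sandboxing recommendation; it does not replace either, because it only sees the reference syntaxes it parses.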


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2023-07-25T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 690a439d6d939959c8fddaf6

Added to database: 11/4/2025, 6:19:09 PM

Last enriched: 11/4/2025, 6:35:35 PM

Last updated: 11/6/2025, 1:39:16 PM
