Submit #774685: pygments <=2.19.2 Denial of Serviceinfo

Titlepygments <=2.19.2 Denial of Service
DescriptionA Regular Expression Denial of Service (ReDoS) vulnerability exists in the pygments project at pygments/lexers/archetype.py (line 296). The regex pattern (\d|[a-fA-F])+(-(\d|[a-fA-F])+){3,} designed for GUID matching contains nested repeating quantifiers, leading to catastrophic backtracking when processing partially matching malicious input. This results in severe performance degradation and can block the application thread indefinitely with sufficiently large input, complying with CWE-1333 (Inefficient Regular Expression Complexity). More details: https://github.com/pygments/pygments/issues/3058
Source⚠️ https://github.com/pygments/pygments/issues/3058
User
 ybdesire (UID 83239)
Submission03/07/2026 13:06 (4 months ago)
Moderation03/21/2026 10:10 (14 days later)
StatusAccepted
VulDB entry352327 [pygments up to 2.19.2 archetype.py AdlLexer redos]
Points20

Want to know what is going to be exploited?

We predict KEV entries!