
CVE-2012-0781

Published: 18 January 2012

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.

Priority

Low

Status

Package: php5 (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Released (5.2.4-2ubuntu5.25)
lucid      Released (5.3.2-1ubuntu4.17)
maverick   Ignored (reached end-of-life)
natty      Released (5.3.5-1ubuntu7.10)
oneiric    Released (5.3.6-13ubuntu3.8)
precise    Released (5.3.10-1ubuntu3.2)
upstream   Released (5.3.11)

Notes

Author: sbeattie
Note: upstream added a fix for this, but reverted it as it added a regression, and asserts it should be fixed in libtidy

Author: mdeslaur
Note: upstream finally fixed it in r323118
