CVE-2015-5523

Publication date 16 July 2015

Last updated 24 July 2024


Ubuntu priority

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Read the notes from the security team

Status

Package Ubuntu Release Status
tidy 15.04 vivid
Fixed 20091223cvs-1.4ubuntu0.1
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 20091223cvs-1.2ubuntu1.1
12.04 LTS precise
Fixed 20091223cvs-1ubuntu2.1

Notes


mdeslaur

same fix as CVE-2015-5522

References

Related Ubuntu Security Notices (USN)

    • USN-2695-1
    • HTML Tidy vulnerabilities
    • 29 July 2015

Other references