CVE-2015-5523

Published: 16 July 2015

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Priority

Low

Status

Package: tidy (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Released (20091223cvs-1.5)
Ubuntu 14.04 ESM (Trusty Tahr)   Released (20091223cvs-1.2ubuntu1.1)