CVE-2015-5523

Published: Aug 11, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

1033703

vdb-entry

x_refsource_SECTRACK

[oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow

mailing-list

x_refsource_MLIST

https://support.apple.com/HT205212

x_refsource_CONFIRM

APPLE-SA-2015-09-30-3

vendor-advisory

x_refsource_APPLE

[oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow

mailing-list

x_refsource_MLIST

USN-2695-1

vendor-advisory

x_refsource_UBUNTU

https://support.apple.com/HT205267

x_refsource_CONFIRM

DSA-3309

vendor-advisory

x_refsource_DEBIAN

APPLE-SA-2015-09-21-1

vendor-advisory

x_refsource_APPLE

https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501

x_refsource_CONFIRM

https://support.apple.com/HT205213

x_refsource_CONFIRM

75037

vdb-entry

x_refsource_BID

APPLE-SA-2015-09-16-1

vendor-advisory

x_refsource_APPLE

[oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-5523

Description

Affected Products

References