CVE-2015-5522
Published: 16 July 2015
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
Priority
Status
Package | Release | Status |
---|---|---|
tidy (Launchpad, Ubuntu, Debian) | precise | Released (20091223cvs-1ubuntu2.1) |
 | trusty | Released (20091223cvs-1.2ubuntu1.1) |
 | upstream | Released (20091223cvs-1.5) |
 | utopic | Ignored (end of life) |
 | vivid | Released (20091223cvs-1.4ubuntu0.1) |

Patches: upstream: https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d