ALT-PU-2017-2636-1
Closed vulnerabilities
Published: 2015-08-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5522
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
Severity: MEDIUM (6.8)
References:
- APPLE-SA-2015-09-16-1
- APPLE-SA-2015-09-16-1
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- DSA-3309
- DSA-3309
- [oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- 75037
- 75037
- 1033703
- 1033703
- USN-2695-1
- USN-2695-1
- https://github.com/htacg/tidy-html5/issues/217
- https://github.com/htacg/tidy-html5/issues/217
- https://support.apple.com/HT205212
- https://support.apple.com/HT205212
- https://support.apple.com/HT205213
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267
Published: 2015-08-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5523
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Severity: MEDIUM (4.3)
References:
- APPLE-SA-2015-09-16-1
- APPLE-SA-2015-09-16-1
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-21-1
- APPLE-SA-2015-09-30-3
- APPLE-SA-2015-09-30-3
- DSA-3309
- DSA-3309
- [oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- [oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
- 75037
- 75037
- 1033703
- 1033703
- USN-2695-1
- USN-2695-1
- https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
- https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
- https://support.apple.com/HT205212
- https://support.apple.com/HT205212
- https://support.apple.com/HT205213
- https://support.apple.com/HT205213
- https://support.apple.com/HT205267
- https://support.apple.com/HT205267