CVE-2015-5523 in Ubuntu

CVE-2015-5523

Priority

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote
attackers to cause a denial of service (crash) via vectors involving
multiple whitespace characters before an empty href, which triggers a large
memory allocation.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
http://www.openwall.com/lists/oss-security/2015/06/04/2
https://ubuntu.com/security/notices/USN-2695-1

Bugs

https://github.com/htacg/tidy-html5/issues/217
https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792571

Assigned-to

mdeslaur

Notes

mdeslaur

same fix as CVE-2015-5522

Package

Source: tidy (LP Ubuntu Debian)

Upstream:	released (20091223cvs-1.5)
Ubuntu 14.04 ESM (Trusty Tahr):	released (20091223cvs-1.2ubuntu1.1)

Patches:

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-11 01:00:04 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)