Description
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote
attackers to cause a denial of service (crash) via vectors involving
multiple whitespace characters before an empty href, which triggers a large
memory allocation.
Notes
mdeslaur | same fix as CVE-2015-5522
Package
Upstream: | released (20091223cvs-1.5)
Ubuntu 14.04 ESM (Trusty Tahr): | released (20091223cvs-1.2ubuntu1.1)
Patches:
Updated: 2022-02-11 01:00:04 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)