CVE-2012-0781

Priority
Description
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to
cause a denial of service (NULL pointer dereference and application crash)
via crafted input to an application that attempts to perform Tidy::diagnose
operations on invalid objects, a different vulnerability than
CVE-2011-4153.
Assigned-to
mdeslaur
Notes
sbeattie: upstream added a fix for this, but reverted it as it added a
regression, and asserts it should be fixed in libtidy
mdeslaur: upstream finally fixed it in r323118
More Information

Updated: 2020-03-18 22:08:29 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)