CVE-2015-5523
Published: 16 July 2015
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Notes
Author | Note |
---|---|
mdeslaur | same fix as CVE-2015-5522 |