Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2015-5522

Published: 11/08/2015 Updated: 08/12/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Htacg

Vulnerability Summary

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy prior to 4.9.31 allows remote malicious users to cause a denial of service (crash) via vectors involving a command character in an href.

Vulnerable Product Search on Vulmon Subscribe to Product

htacg tidy

canonical ubuntu linux 12.04

canonical ubuntu linux 15.04

canonical ubuntu linux 14.04

debian debian linux 8.0

debian debian linux 7.0

apple mac os x

apple watchos

apple iphone os

Vendor Advisories

Debian CVElist Bug Report Logs: tidy: CVE-2015-5522 and CVE-2015-5523
Debian Bug report logs - #792571 tidy: CVE-2015-5522 and CVE-2015-5523 Package: src:tidy; Maintainer for src:tidy is Tidy HTML5 <tidy-html5@packagesdebianorg>; Reported by: Alessandro Ghedini <ghedo@debianorg> Date: Thu, 16 Jul 2015 11:33:01 UTC Severity: important Tags: jessie, patch, security, sid, squeeze, stre ...
Ubuntu Security Notice: tidy vulnerabilities
HTML Tidy could be made to crash or run programs if it processed specially crafted data ...
Debian Security Advisories: DSA-3309-1 tidy -- security update
Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code Geoff McLane also discovered that a similar issue could trigger an integer overflow, leading to a me ...

References

CWE-119http://www.openwall.com/lists/oss-security/2015/06/04/2https://github.com/htacg/tidy-html5/issues/217http://www.ubuntu.com/usn/USN-2695-1http://www.openwall.com/lists/oss-security/2015/07/15/3http://www.debian.org/security/2015/dsa-3309http://www.openwall.com/lists/oss-security/2015/07/13/7http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlhttps://support.apple.com/HT205212https://support.apple.com/HT205267http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2015/Sep/msg00005.htmlhttps://support.apple.com/HT205213http://www.securityfocus.com/bid/75037http://www.securitytracker.com/id/1033703https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792571https://usn.ubuntu.com/2695-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook