The ParseValue function in lexer.c in tidy prior to 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Vulnerable Product |
---|
canonical ubuntu linux 15.04 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 14.04 |
debian debian linux 8.0 |
debian debian linux 7.0 |
apple iphone os |
apple mac os x |
apple watchos |
htacg tidy |