CVE-2015-5523

Published: 11/08/2015 Updated: 08/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ParseValue function in lexer.c in tidy prior to 4.9.31 allows remote malicious users to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Vulnerable Product

canonical ubuntu linux 15.04

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

debian debian linux 8.0

debian debian linux 7.0

apple iphone os

apple mac os x

apple watchos

htacg tidy

Vendor Advisories

Debian Bug report logs - #792571: tidy: CVE-2015-5522 and CVE-2015-5523. Package: src:tidy; Maintainer for src:tidy is Tidy HTML5 <tidy-html5@packages.debian.org>; Reported by: Alessandro Ghedini <ghedo@debian.org>; Date: Thu, 16 Jul 2015 11:33:01 UTC; Severity: important; Tags: jessie, patch, security, sid, squeeze, stre ...
HTML Tidy could be made to crash or run programs if it processed specially crafted data ...
Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. Geoff McLane also discovered that a similar issue could trigger an integer overflow, leading to a me ...