CVE-2015-5523

Published August 11th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

htacg/tidy-html5

The granddaddy of HTML tools, with support for modern standards

GitHub

2.84K