Note:
This project will be discontinued after December 13, 2021.
Product: Tidy (Htacg)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 5 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-02-17 | CVE-2021-33391 | An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | Tidy | 9.8 | ||
2017-12-10 | CVE-2017-17497 | In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. | Tidy | N/A | ||
2017-08-25 | CVE-2017-13692 | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | Tidy | 7.5 | ||
2015-08-11 | CVE-2015-5523 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | Iphone_os, Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Tidy | N/A | ||
2015-08-11 | CVE-2015-5522 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | Iphone_os, Mac_os_x, Watchos, Ubuntu_linux, Debian_linux, Tidy | N/A | ||