Computer Security


tidy security vulnerabilities
Published: 20.07.2015
Source:
SecurityVulns ID: 14600
Type: client
Threat Level: 5/10
Description: Buffer overflow and integer overflow on HTML parsing.
CVE:
CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.)
CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.)
Original document: DEBIAN, [SECURITY] [DSA 3309-1] tidy security update (20.07.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod