Vulnerabilities (CVE)

Filtered by vendor Htacg Subscribe
Filtered by product Tidy
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33391 2 Htacg, Linux 2 Tidy, Linux Kernel 2024-02-04 N/A 9.8 CRITICAL
An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
CVE-2017-17497 1 Htacg 1 Tidy 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
CVE-2017-13692 1 Htacg 1 Tidy 2024-02-04 5.0 MEDIUM 7.5 HIGH
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
CVE-2015-5523 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Watchos and 3 more 2024-02-04 4.3 MEDIUM N/A
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
CVE-2015-5522 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Watchos and 3 more 2024-02-04 6.8 MEDIUM N/A
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.