CVE-2015-5523

NONE EPSS 88.8%
Published Aug 11, 2015 (10y ago) · Modified Jun 17, 2026 (2w ago)

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Threat Intelligence

EPSS Exploit Probability
88.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 9

Vendor      Product        Version   Range
canonical   ubuntu_linux   12.04     any
canonical   ubuntu_linux   14.04     any
canonical   ubuntu_linux   15.04     any
debian      debian_linux   7.0       any
debian      debian_linux   8.0       any
apple       iphone_os      *         ≤8.2
apple       mac_os_x       *         ≤10.6.8
apple       watchos        *         ≤1.0.1
htacg       tidy           *         ≤4.9.30

References 14

  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
    Mailing List, Third Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
    Mailing List, Third Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
    Mailing List, Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3309
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2015/06/04/2
    Exploit
  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/13/7
    Exploit
  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/15/3
  • securityfocus.com http://www.securityfocus.com/bid/75037
  • securitytracker.com http://www.securitytracker.com/id/1033703
  • ubuntu.com http://www.ubuntu.com/usn/USN-2695-1
    Third Party Advisory
  • github.com https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
    Exploit
  • support.apple.com https://support.apple.com/HT205212
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT205213
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT205267
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.