CVE-2015-5523
NONE EPSS 88.8%
Published Aug 11, 2015
Last Modified Jun 17, 2026
Description
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Threat Intelligence
EPSS Exploit Probability
88.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 9
References 14
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- debian.org http://www.debian.org/security/2015/dsa-3309
- openwall.com http://www.openwall.com/lists/oss-security/2015/06/04/2
- openwall.com http://www.openwall.com/lists/oss-security/2015/07/13/7
- openwall.com http://www.openwall.com/lists/oss-security/2015/07/15/3
- securityfocus.com http://www.securityfocus.com/bid/75037
- securitytracker.com http://www.securitytracker.com/id/1033703
- ubuntu.com http://www.ubuntu.com/usn/USN-2695-1
- github.com https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
- support.apple.com https://support.apple.com/HT205212
- support.apple.com https://support.apple.com/HT205213
- support.apple.com https://support.apple.com/HT205267
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.