
tidy: two vulnerabilities

Package(s): tidy
CVE #(s): CVE-2015-5522 CVE-2015-5523
Created: July 20, 2015
Updated: July 30, 2015
Description: From the Debian advisory:

Fernando Muñoz discovered that invalid HTML input passed to tidy, an HTML syntax checker and reformatter, could trigger a buffer overflow. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code.

Geoff McLane also discovered that a similar issue could trigger an integer overflow, leading to a memory allocation of 4GB. This could allow remote attackers to cause a denial of service by saturating the target's memory.

Alerts:
Ubuntu USN-2695-1 tidy 2015-07-29
Mageia MGASA-2015-0257 tidy 2015-07-05
openSUSE openSUSE-SU-2015:1050-1 tidy 2015-06-11
Debian-LTS DLA-273-1 tidy 2015-07-18
Debian DSA-3309-1 tidy 2015-07-18



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds