VYPR

rpm package

suse/tidy&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/tidy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (2)

  • CVE-2015-5523, Aug 11, 2015
    affected < 1.0.20100204cvs-25.3, fixed 1.0.20100204cvs-25.3

    The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

  • CVE-2015-5522, Aug 11, 2015
    affected < 1.0.20100204cvs-25.3, fixed 1.0.20100204cvs-25.3

    Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.