rpm package
suse/tidy&distro=SUSE Linux Enterprise Software Development Kit 12
pkg:rpm/suse/tidy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5523 | — | | | < 1.0.20100204cvs-25.3 | 1.0.20100204cvs-25.3 | Aug 11, 2015 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. |
| CVE-2015-5522 | — | | | < 1.0.20100204cvs-25.3 | 1.0.20100204cvs-25.3 | Aug 11, 2015 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. |