VYPR
Vendor: Htacg

Products: 2
CVEs: 8
Across products: 10
Status: Private

Recent CVEs (8)

  • CVE-2017-17497 · High · Dec 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

  • CVE-2017-13692 · High · Aug 25, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.

  • CVE-2025-6498 · Low · Jun 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the…

  • CVE-2025-6497 · Low · Jun 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been…

  • CVE-2025-6496 · Low · Jun 23, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack.…

  • CVE-2021-33391 · Feb 17, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.

  • CVE-2015-5523 · Aug 11, 2015
    risk 0.00 · cvss · epss 0.04

    The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

  • CVE-2015-5522 · Aug 11, 2015
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.