Heap-Based Buffer Overflow in Tidy Product from Apple and Ubuntu
CVE-2015-5522

Currently unrated

Key Information:

Vendor

Htacg

Status
Tidy
Vendor
CVE Published:
11 August 2015

What is CVE-2015-5522?

A heap-based buffer overflow exists in the ParseValue function of Tidy software prior to version 4.9.31. This vulnerability enables remote attackers to exploit the software by sending specially crafted href command characters, potentially leading to denial of service through application crashes. Users are advised to update to secure versions and maintain best practices in software security management.

References

http://www.securitytracker.com/id/1033703
vdb-entryx_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2015/07/13/7
mailing-listx_refsource_MLIST
https://support.apple.com/HT205212
x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.