Search CVE reports
1 – 3 of 3 results
CVE-2021-33391
Medium prioritySome fixes available 6 of 8
An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
1 affected package
tidy-html5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tidy-html5 | Fixed | Fixed | Fixed | Vulnerable | Ignored |
CVE-2017-17497
Low priorityIn Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the...
2 affected packages
tidy, tidy-html5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tidy | — | — | Not in release | Not in release | Not affected |
| tidy-html5 | — | — | Not affected | Not affected | Not in release |
CVE-2017-13692
Medium priorityIn Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
2 affected packages
tidy, tidy-html5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| tidy | — | — | — | — | Not affected |
| tidy-html5 | — | — | — | — | Not in release |