CVE-2015-5523

2015-08-11T14:59:00
ID CVE-2015-5523
Type cve
Reporter cve@mitre.org
Modified 2016-12-08T03:10:00

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.