CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 0.015 Low
Percentile: 86.9%
Package : tidy
Version : 20091223cvs-1+deb6u1
CVE ID : CVE-2015-5522 CVE-2015-5523
Debian Bug : 792571
Fernando Muñoz discovered a security issue in the HTML syntax checker and
reformatter tidy. Tidy did not properly process specific character sequences,
and a remote attacker could exploit this flaw to cause a DoS or, probably,
execute arbitrary code. Two different CVEs were assigned to this issue.
CVE-2015-5522
Malformed HTML documents could lead to a heap-buffer-overflow.
CVE-2015-5523
Malformed HTML documents could lead to the allocation of 4Gb of memory.
For the Squeeze distribution, this issue has been fixed in the
20091223cvs-1+deb6u1 version of tidy.
We recommend that you upgrade your tidy packages.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armhf | tidy | < 20091223cvs-1.2+deb7u1 | tidy_20091223cvs-1.2+deb7u1_armhf.deb |
Debian | 8 | kfreebsd-i386 | tidy | < 20091223cvs-1.4+deb8u1 | tidy_20091223cvs-1.4+deb8u1_kfreebsd-i386.deb |
Debian | 8 | ppc64el | libtidy-dev | < 20091223cvs-1.4+deb8u1 | libtidy-dev_20091223cvs-1.4+deb8u1_ppc64el.deb |
Debian | 7 | mipsel | libtidy-dev | < 20091223cvs-1.2+deb7u1 | libtidy-dev_20091223cvs-1.2+deb7u1_mipsel.deb |
Debian | 7 | ia64 | libtidy-0.99-0 | < 20091223cvs-1.2+deb7u1 | libtidy-0.99-0_20091223cvs-1.2+deb7u1_ia64.deb |
Debian | 7 | i386 | libtidy-0.99-0 | < 20091223cvs-1.2+deb7u1 | libtidy-0.99-0_20091223cvs-1.2+deb7u1_i386.deb |
Debian | 8 | i386 | tidy | < 20091223cvs-1.4+deb8u1 | tidy_20091223cvs-1.4+deb8u1_i386.deb |
Debian | 8 | all | tidy-doc | < 20091223cvs-1.4+deb8u1 | tidy-doc_20091223cvs-1.4+deb8u1_all.deb |
Debian | 8 | all | tidy | < 20091223cvs-1.4+deb8u1 | tidy_20091223cvs-1.4+deb8u1_all.deb |
Debian | 7 | powerpc | libtidy-dev | < 20091223cvs-1.2+deb7u1 | libtidy-dev_20091223cvs-1.2+deb7u1_powerpc.deb |