CVE-2017-17497
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value...
CVE-2017-13692
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument...
Tidy 'tmbstr.c' Heap Buffer Overflow Vulnerability
Tidy is a program and a library of functions for correcting errors in HTML files and cleaning up and neatly aligning their code. Tidy suffers from a heap buffer overflow vulnerability that could be exploited to crash an application or execute arbitrary code...
php: tidy_diagnose() NULL pointer dereference may cause DoS
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153...