FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tidy -- heap-buffer-overflow

Affected packages
tidy4 <= 20000804_3
tidy-devel <= 090315.c_2
tidy-lib <= 090315.c_2
tidy-html5 < 4.9.31

Details

VuXML ID bd1ab7a5-0e01-11e5-9976-a0f3c100ae18
Discovery 2015-06-03
Entry 2015-06-08
Modified 2015-07-15

Geoff McLane reports:

tidy is affected by a write out of bounds when processing malformed HTML files.

This issue could be abused on server side applications that use php-tidy extension with user input.

The issue was confirmed, analyzed, and fixed by the tidy5 maintainer.

References

CVE Name CVE-2015-5522
CVE Name CVE-2015-5523
URL http://seclists.org/oss-sec/2015/q2/633
URL http://seclists.org/oss-sec/2015/q3/116
URL https://github.com/htacg/tidy-html5/issues/217