Vulnerabilities > Htacg
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2021-33391 | Use After Free vulnerability in Htacg Tidy 5.7.28 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | 9.8 |
| 2017-12-10 | CVE-2017-17497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Htacg Tidy 5.7.0 In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. | 5.0 |
| 2017-08-25 | CVE-2017-13692 | Improper Input Validation vulnerability in Htacg Tidy 5.5.31 In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 5.0 |
| 2015-08-11 | CVE-2015-5523 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | 4.3 |
| 2015-08-11 | CVE-2015-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | 6.8 |