CVE-2021-33391: Use After Free in Tidy-html5

CWE-416: Use After Free (6 documents, 6 sources)
Severity
9.8 CRITICAL (NVD)
EPSS
0.4%
top 37.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 17
Latest update: Nov 15

Description

An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (8 packages)

Debian: htacg/tidy-html5 < 2:5.8.0-2+1
debian: debian/tidy-html5 < tidy-html5 2:5.8.0-2 (forky)
NVD: htacg/tidy 5.7.28

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-wfrp-xv2m-8j85: An issue in HTACG HTML Tidy v5 (2023-02-17)
OSV
CVE-2021-33391: An issue in HTACG HTML Tidy v5 (2023-02-17)

📋 Vendor Advisories (3)

Ubuntu
HTML Tidy vulnerability (2023-11-15)
Microsoft
An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. (2023-02-14)
Debian
CVE-2021-33391: tidy-html5 - An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code vi... (2021)