Debian Tidy-Html5 vulnerabilities

6 known vulnerabilities affecting debian/tidy-html5.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-6496 | MEDIUM | CVSS 4.8 | 2025
[MEDIUM] CVE-2025-6496: tidy-html5 - A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Scope: local. bookworm: ope
debian
CVE-2025-6497 | MEDIUM | CVSS 4.8 | 2025
[MEDIUM] CVE-2025-6497: tidy-html5 - A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Scope: local. bookworm: open; bullseye: open; forky: ope
debian
CVE-2025-6498 | MEDIUM | CVSS 4.8 | 2025
[MEDIUM] CVE-2025-6498: tidy-html5 - A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Scope: local. bookworm: open; bullseye: open; forky: open; sid: op
debian
CVE-2021-33391 | CRITICAL | CVSS 9.8 | fixed in tidy-html5 2:5.8.0-2 (forky) | 2021
[CRITICAL] CVE-2021-33391: tidy-html5 - An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2:5.8.0-2); sid: resolved (fixed in 2:5.8.0-2); trixie: resolved (fixed in 2:5.8.0-2)
debian
CVE-2017-17497 | HIGH | CVSS 7.5 | fixed in tidy-html5 2:5.6.0-3 (bookworm) | 2017
[HIGH] CVE-2017-17497: tidy-html5 - In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
Scope: local. bookworm: resolved (fixed in 2:5.6.0-3); bullseye: resolved (fixed in 2:5.6.0-3); fo
debian
CVE-2017-13692 | LOW | CVSS 7.5 | 2017
[HIGH] CVE-2017-13692: tidy-html5 - In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian