Launchpad.net

CVE 2017-17497

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

See the CVE page on Mitre.org for more details.

References