{"id":"USN-2695-1","summary":"tidy vulnerabilities","details":"Fernando Muñoz discovered that HTML Tidy incorrectly handled memory. If a\nuser or automated system were tricked into processing specially crafted\ndata, applications linked against HTML Tidy could be made to crash, leading\nto a denial of service, or possibly execute arbitrary code.\n","modified":"2026-04-22T09:15:00.241005Z","published":"2015-07-29T18:24:15Z","related":["UBUNTU-CVE-2015-5522","UBUNTU-CVE-2015-5523"],"upstream":["CVE-2015-5522","CVE-2015-5523","UBUNTU-CVE-2015-5522","UBUNTU-CVE-2015-5523"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2695-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5522"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-5523"}],"affected":[{"package":{"name":"tidy","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/tidy@20091223cvs-1.2ubuntu1.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20091223cvs-1.2ubuntu1.1"}]}],"versions":["20091223cvs-1.2","20091223cvs-1.2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libtidy-0.99-0","binary_version":"20091223cvs-1.2ubuntu1.1"},{"binary_name":"tidy","binary_version":"20091223cvs-1.2ubuntu1.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2695-1.json","cves_map":{"cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2015-5522"},{"severity":[{"type":"Ubuntu","score":"low"}],"id":"CVE-2015-5523"}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}