In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-25