Primary

Context

HTACG Tidy-HTML5 Assertion Vulnerability in Parser Namespace Function

Vulnerability

An assertion vulnerability has been identified in HTACG Tidy-HTML5 version 5.8.0. This issue arises in the 'prvTidyParseNamespace' function within 'src/parser.c', where a reachable assertion leads to a denial-of-service condition. The vulnerability requires local exploitation.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by triggering an assertion failure, which leads to the application aborting.

Reproduction

The vulnerability can be reproduced by compiling Tidy-HTML5 with Clang, using address sanitization and Fuzzer integration. After compiling the application, the fuzzer can be run with a proof-of-concept input that triggers the assertion failure.

Added: Jun 23, 2025, 1:35 AM

Updated: Jun 23, 2025, 1:35 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HTACG Tidy-HTML5 Assertion Vulnerability in Parser Namespace Function

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating