php-tidy vulnerabilities

Known vulnerabilities in the php-tidy package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Improper Input Validation	*
M Information Exposure	*
L Null Byte Interaction Error (Poison Null Byte)	*
M Improper Input Validation	*
M Unchecked Return Value	*
L Out-of-bounds Write	*
M Allocation of Resources Without Limits or Throttling	*
L Reversible One-Way Hash	*
M Integer Overflow or Wraparound	*
M Integer Overflow to Buffer Overflow	*
M Improper Input Validation	*
L Uncontrolled Recursion	*
M Improper Input Validation	*
M Out-of-Bounds	*
M Use After Free	<0:5.3.3-46.el6_6
M Heap-based Buffer Overflow	<0:5.3.3-27.el6_5.1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:5.3.3-27.el6_5.1
M Integer Overflow or Wraparound	<0:5.3.3-27.el6_5.1
M Heap-based Buffer Overflow	<0:5.3.3-27.el6_5.1
C Improper Handling of Length Parameter Inconsistency	<0:5.3.3-27.el6_5
M Information Exposure	<0:5.3.3-26.el6
M Improper Input Validation	<0:5.3.3-26.el6
M Null Byte Interaction Error (Poison Null Byte)	<0:5.3.3-26.el6
C Out-of-Bounds	<0:5.3.3-23.el6_4
M Improper Input Validation	<0:5.3.3-22.el6
M Improper Input Validation	<0:5.3.3-22.el6
M CVE-2012-2688	<0:5.3.3-22.el6
M Improper Input Validation	<0:5.3.3-48.el6_8
M Improper Handling of Syntactically Invalid Structure	<0:5.3.3-14.el6_3
M Integer Overflow or Wraparound	<0:5.3.3-14.el6_3
M Use of Externally-Controlled Format String	<0:5.3.3-14.el6_3
M NULL Pointer Dereference	<0:5.3.3-14.el6_3
M NULL Pointer Dereference	<0:5.3.3-14.el6_3
M Access Restriction Bypass	<0:5.3.3-14.el6_3
M Improper Input Validation	<0:5.3.3-14.el6_3
M Memory Leak	<0:5.3.3-14.el6_3
M Cryptographic Issues	<0:5.3.3-14.el6_3
C Improper Input Validation	<0:5.3.3-3.el6_2.8
C Improper Handling of Syntactically Invalid Structure	<0:5.3.3-3.el6_2.6
M Improper Input Validation	<0:5.3.3-3.el6_2.5
M Integer Overflow or Wraparound	<0:5.3.3-3.el6_2.5
M Out-of-Bounds	<0:5.3.3-3.el6_1.3
M Use After Free	<0:5.3.3-3.el6_1.3
M Numeric Errors	<0:5.3.3-3.el6_1.3
M Numeric Errors	<0:5.3.3-3.el6_1.3
M Access Restriction Bypass	<0:5.3.3-3.el6_1.3
M Stack-based Buffer Overflow	<0:5.3.3-3.el6_1.3
M Memory Leak	<0:5.3.3-3.el6_1.3
M CVE-2011-1469	<0:5.3.3-3.el6_1.3
M Cryptographic Issues	<0:5.3.3-3.el6_1.3
M Null Byte Interaction Error (Poison Null Byte)	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Use After Free	<0:5.3.3-46.el6_6
M Algorithmic Complexity	<0:5.3.3-46.el6_6
M Integer Overflow or Wraparound	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Use After Free	<0:5.3.3-46.el6_6
M Untrusted Pointer Dereference	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Use After Free	<0:5.3.3-46.el6_6
M Heap-based Buffer Overflow	<0:5.3.3-46.el6_6
M Null Byte Interaction Error (Poison Null Byte)	<0:5.3.3-46.el6_6
M Null Byte Interaction Error (Poison Null Byte)	<0:5.3.3-46.el6_6
M Null Byte Interaction Error (Poison Null Byte)	<0:5.3.3-46.el6_6
M Stack-based Buffer Overflow	<0:5.3.3-46.el6_6
M Integer Overflow or Wraparound	<0:5.3.3-46.el6_6
M Improper Input Validation	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-46.el6_6
M Out-of-Bounds	<0:5.3.3-46.el6_6
M Out-of-Bounds	<0:5.3.3-46.el6_6
M Integer Overflow or Wraparound	<0:5.3.3-46.el6_6
M Numeric Errors	<0:5.3.2-6.el6_0.1
M Cross-site Scripting (XSS)	<0:5.3.2-6.el6_0.1
M Cross-site Scripting (XSS)	<0:5.3.2-6.el6_0.1
M NULL Pointer Dereference	<0:5.3.2-6.el6_0.1
H Out-of-bounds Read	<0:5.3.3-40.el6_6
H Out-of-bounds Read	<0:5.3.3-40.el6_6
H Out-of-Bounds	<0:5.3.3-40.el6_6
H Integer Overflow or Wraparound	<0:5.3.3-40.el6_6
M Integer Overflow or Wraparound	<0:5.3.3-27.el6_5.2
M Out-of-bounds Read	<0:5.3.3-27.el6_5.2
M NULL Pointer Dereference	<0:5.3.3-27.el6_5.2
M Use After Free	<0:5.3.3-27.el6_5.2
M Use After Free	<0:5.3.3-27.el6_5.2
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-27.el6_5.1
M Heap-based Buffer Overflow	<0:5.3.3-27.el6_5.1
M Numeric Errors	<0:5.3.3-27.el6_5.1
M Algorithmic Complexity	<0:5.3.3-27.el6_5.1
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:5.3.3-27.el6_5.1
M Improper Input Validation	<0:5.3.3-27.el6_5.1
M Access of Resource Using Incompatible Type ('Type Confusion')	<0:5.3.3-27.el6_5.1
C Improper Input Validation	<0:5.3.3-50.el6_10
M NULL Pointer Dereference	*
M Improper Access Control	*
M Out-of-Bounds	*
M Out-of-Bounds	*
M Improper Initialization	*
L Out-of-bounds Read	*
M Out-of-bounds Read	*
M Incorrect Privilege Assignment	*
L Heap-based Buffer Overflow	*
L Heap-based Buffer Overflow	*
M Out-of-Bounds	*
M Heap-based Buffer Overflow	*
L Out-of-bounds Read	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
M Out-of-bounds Read	*
M Cross-site Scripting (XSS)	*
M Uncontrolled Recursion	*
M Use After Free	*
M OS Command Injection	*
L Buffer Overflow	*
M Integer Overflow or Wraparound	*
L Out-of-bounds Read	*
M Out-of-bounds Read	*
L Buffer Overflow	*
M Improper Null Termination	*
L Integer Overflow or Wraparound	*
M Out-of-bounds Read	*
L Heap-based Buffer Overflow	*
L Heap-based Buffer Overflow	*
L Heap-based Buffer Overflow	*
L Out-of-bounds Read	*
M Cross-site Scripting (XSS)	*
L Out-of-bounds Read	*
M Cross-site Scripting (XSS)	*
L Out-of-bounds Read	*
M NULL Pointer Dereference	*
L Improper Authentication	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Out-of-bounds Write	*
M Heap-based Buffer Overflow	*
M Out-of-bounds Read	*
M Out-of-bounds Write	*
M Out-of-bounds Read	*
M Improper Input Validation	*
L Server-Side Request Forgery (SSRF)	*
M Use After Free	*
M Missing Initialization of a Variable	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
M Improper Input Validation	*
M Out-of-Bounds	*
M Improper Input Validation	*
L Information Exposure	*
M Incorrect Check of Function Return Value	*
M Use After Free	*
M Use After Free	*
M Out-of-bounds Read	*
L NULL Pointer Dereference	*
L Improper Input Validation	*
M Use After Free	*
M Use After Free	*
M Stack-based Buffer Overflow	*
M Missing Initialization of a Variable	*
M CVE-2016-7478	*
M Use After Free	*
M Unchecked Return Value	*
M NULL Pointer Dereference	*
M Out-of-bounds Read	*
M Stack-based Buffer Overflow	*
M Heap-based Buffer Overflow	*
M Use After Free	*
M Use After Free	*
M NULL Pointer Dereference	*
L Use After Free	*
M NULL Pointer Dereference	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
M NULL Pointer Dereference	*
M Improper Input Validation	*
M Out-of-bounds Write	*
M Information Exposure	*
M Out-of-bounds Write	*
M Arbitrary Code Injection	*
M Detection of Error Condition Without Action	*
M Deserialization of Untrusted Data	*
M Unchecked Error Condition	*
M Incorrect Type Conversion or Cast	*
L Stack-based Buffer Overflow	*
L Out-of-bounds Read	*
M Out-of-Bounds	*
M Improper Input Validation	*
M Integer Overflow or Wraparound	*
M Use After Free	*
L NULL Pointer Dereference	*
L Out-of-bounds Read	*
M Improper Input Validation	*
M Use After Free	*
L Use After Free	*
M Use After Free	*
M Out-of-bounds Write	*
L Integer Overflow or Wraparound	*
L Improper Null Termination	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Heap-based Buffer Overflow	*
L Heap-based Buffer Overflow	*
M Improper Input Validation	*
L Improper Input Validation	*
M Missing Initialization of a Variable	*
L Use After Free	*
M Improper Initialization	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
M Out-of-bounds Write	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Use After Free	*
L Out-of-bounds Read	*
M Heap-based Buffer Overflow	*
L Stack-based Buffer Overflow	*
M Integer Overflow or Wraparound	*
M Improper Input Validation	*
L Improper Input Validation	*
M Off-by-one Error	*
M Improper Handling of Syntactically Invalid Structure	*
M NULL Pointer Dereference	*
M Off-by-one Error	*
M Integer Overflow or Wraparound	*
M Incorrect Calculation	*
M Out-of-bounds Read	*
L Improper Input Validation	*
M HTTP Response Splitting	*
L Uncontrolled Recursion	*
M Cryptographic Issues	*
L Uncontrolled Recursion	*
L CVE-2015-8866	*
L Buffer Overflow	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Untrusted Pointer Dereference	*
M NULL Pointer Dereference	*
L NULL Pointer Dereference	*
L NULL Pointer Dereference	*
L Use After Free	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
M Directory Traversal	*
M CVE-2015-6832	*
M Use After Free	*
M Integer Overflow or Wraparound	*
M Out-of-Bounds	*
M Improper Input Validation	*
L NULL Pointer Dereference	*
L Use After Free	*
L Link Following	*
M Numeric Errors	*
L Integer Overflow or Wraparound	*
L Access Restriction Bypass	*
M Stack-based Buffer Overflow	*
L Information Exposure	*
M Directory Traversal	*
L Out-of-bounds Read	*
M Use of Externally-Controlled Format String	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L CVE-2011-0421	*
L Missing Release of Resource after Effective Lifetime	*
L Insecure Temporary File	*
M Access Restriction Bypass	*
L Insecure Temporary File	*
M Resource Exhaustion	*
M Improper Input Validation	*
L Improper Input Validation	*
M Session Fixation	*

Vulnerability

Vulnerable Version

Improper Input Validation