EUVD-2025-18857
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Description
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Analysis
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Technical Context
A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL. This vulnerability is classified as Improper Resource Shutdown or Release (CWE-404).
Affected Products
Affected: HTACG tidy-html5 5
Remediation
Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| upstream | needs-triage | - |
| bionic | deferred | 2026-03-11 |
| focal | deferred | 2026-03-11 |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| oracular | ignored | end of life, was deferred [2026-03-11] |
| plucky | ignored | end of life, was deferred [2026-03-11] |
| questing | deferred | 2026-03-11 |
Debian
Bug #1108235| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | vulnerable | 2:5.6.0-11 | - |
| trixie | vulnerable | 2:5.8.0-2 | - |
| forky, sid | vulnerable | 2:5.8.0-2.1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today