EUVD-2025-18860
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Description
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Analysis
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Technical Context
This vulnerability is classified as Reachable Assertion (CWE-617).
Affected Products
Affected: HTACG tidy-html5 5
Remediation
Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| upstream | needs-triage | - |
| bionic | deferred | 2026-03-11 |
| focal | deferred | 2026-03-11 |
| jammy | deferred | 2026-03-11 |
| noble | deferred | 2026-03-11 |
| oracular | ignored | end of life, was deferred [2026-03-11] |
| plucky | ignored | end of life, was deferred [2026-03-11] |
| questing | deferred | 2026-03-11 |
Debian
Bug #1108234| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bookworm, bullseye | vulnerable | 2:5.6.0-11 | - |
| trixie | vulnerable | 2:5.8.0-2 | - |
| forky, sid | vulnerable | 2:5.8.0-2.1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today