CVE-2025-6498

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-6498
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-6498.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-6498
Downstream
Published
2025-06-23T02:15:20Z
Modified
2025-07-01T16:33:43.635134Z
Summary
[none]
Details

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

References

Affected packages

Debian:11 / tidy-html5

Package

Name
tidy-html5
Purl
pkg:deb/debian/tidy-html5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:5.*

2:5.6.0-11
2:5.7.45-1~exp1
2:5.8.0-1~exp1
2:5.8.0-1~exp2
2:5.8.0-1
2:5.8.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tidy-html5

Package

Name
tidy-html5
Purl
pkg:deb/debian/tidy-html5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:5.*

2:5.6.0-11
2:5.7.45-1~exp1
2:5.8.0-1~exp1
2:5.8.0-1~exp2
2:5.8.0-1
2:5.8.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tidy-html5

Package

Name
tidy-html5
Purl
pkg:deb/debian/tidy-html5?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:5.*

2:5.6.0-11
2:5.7.45-1~exp1
2:5.8.0-1~exp1
2:5.8.0-1~exp2
2:5.8.0-1
2:5.8.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}