The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | n/a |