CVE-2025-6498

Name: CVE-2025-6498
Description: A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to a memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1108233

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| tidy-html5 (PTS) | bookworm, bullseye | 2:5.6.0-11 | vulnerable |
| tidy-html5 (PTS) | sid, trixie | 2:5.8.0-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| tidy-html5 | source | (unstable) | (unfixed) | | | 1108233 |

Notes

https://github.com/htacg/tidy-html5/issues/1152
