Description
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
Remediation
References
Related Vulnerabilities
Java Unspesificed Vulnerability (CVE-2020-14803)
ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-12458)
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)