CVE-2015-5523 on Ubuntu 12.04 LTS (precise) - low.
Description:
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.