In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. Upstream bug: https://github.com/htacg/tidy-html5/issues/588
Created tidy tracking bugs for this issue: Affects: epel-7 [bug 1485858] Affects: fedora-all [bug 1485859]