In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. Upstream issue: https://github.com/htacg/tidy-html5/issues/656
Created tidy tracking bugs for this issue: Affects: epel-7 [bug 1485858] Affects: fedora-all [bug 1485859]