libxslt DoS
updated since 02.04.2013
SecurityVulns ID:12980
Threat Level:
Description: Crash on XSLT documents parsing.
Affected: LIBXSLT : libxslt 1.1
CVE: CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.)
 CVE-2012-6139 (libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.)
 CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.)
Original document: MANDRIVA, [ MDVSA-2014:006 ] libxslt (19.01.2014)
 UBUNTU, [USN-1784-1] libxslt vulnerability (02.04.2013)

