Published: 23/05/2008 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Buffer overflow in pattern.c in libxslt prior to 1.1.24 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux 3.0
redhat enterprise linux desktop workstation 5
redhat linux advanced workstation 2.1
redhat desktop 3
redhat enterprise linux 4.0
redhat enterprise linux 2.1
redhat enterprise linux desktop 4
redhat enterprise linux desktop 5
redhat enterprise linux 5.0

Debian Bug report logs - #482664 CVE-2008-1767: buffver overflow in patternc Package: libxslt11; Maintainer for libxslt11 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Source for libxslt11 is src:libxslt (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Da ...

It was discovered that long transformation matches in libxslt could overflow If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of serivce (CVE-2008-1767) ...

source: wwwsecurityfocuscom/bid/29312/info The 'libxslt' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected ...

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1767

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect