The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and previous versions, as used in Google Chrome prior to 10.0.648.127 and other products, allows remote malicious users to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
xmlsoft libxslt |