CVE-2012-2825

Published: 27/06/2012 Updated: 28/01/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The XSL implementation in Google Chrome prior to 20.0.1132.43 allows remote malicious users to cause a denial of service (incorrect read operation) via unspecified vectors.

Affected Products

Vendor: Google
Product: Chrome
Versions: 20.0.1132.0, 20.0.1132.1, 20.0.1132.2, 20.0.1132.3, 20.0.1132.4, 20.0.1132.5, 20.0.1132.6, 20.0.1132.7, 20.0.1132.8, 20.0.1132.9, 20.0.1132.10, 20.0.1132.11, 20.0.1132.12, 20.0.1132.13, 20.0.1132.14, 20.0.1132.15, 20.0.1132.16, 20.0.1132.17, 20.0.1132.18, 20.0.1132.19, 20.0.1132.20, 20.0.1132.21, 20.0.1132.22, 20.0.1132.23, 20.0.1132.24, 20.0.1132.25, 20.0.1132.26, 20.0.1132.27, 20.0.1132.28, 20.0.1132.29, 20.0.1132.30, 20.0.1132.31, 20.0.1132.32, 20.0.1132.33, 20.0.1132.34, 20.0.1132.35, 20.0.1132.36, 20.0.1132.37, 20.0.1132.38, 20.0.1132.39, 20.0.1132.40, 20.0.1132.41, 20.0.1132.42

Vendor Advisories

Synopsis: Important: libxslt security update. Type/Severity: Security Advisory: Important. Topic: Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vul ...
Debian Bug report logs - #679283 CVE-2012-2825. Package: libxslt; Maintainer for libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Wed, 27 Jun 2012 15:21:09 UTC; Severity: grave; Tags: security; Fixed in versions libxslt/11 ...
Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file ...
A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code ...

Github Repositories

A Crash Course to Radamsa: Radamsa is a test case generator for robustness testing, aka a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestringly different outputs from them. The main selling points of radamsa are that it has already found a s


Recent Articles

Hacking Team had RATted on Android: Trend Micro
The Register • Richard Chirgwin • 23 Jul 2015

Android had been p0wned from Ice Creams to Jelly Beans

The next piece of weaponised malware to emerge out of the Hacking Team leak has arrived: a Remote Access Trojan (RAT) for Android.
Trend Micro researchers trawling the 400 GB of leaked files apparently have the honour of first discovery: RCSAndroid, it says, is “one of the most professionally developed and sophisticated” pieces of Android malware* they've seen.
Compromised phones can't be cleaned without root privilege, and Trend says users would probably need their device manufa...