CVE-2012-2870

Published: 31/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Vulnerable Product

apple iphone os 6.1.2

apple iphone os 3.0

apple iphone os 3.2

apple iphone os 3.1.3

apple iphone os 1.0.2

apple iphone os 4.3.2

apple iphone os 4.0.2

apple iphone os

apple iphone os 2.2

apple iphone os 1.1.1

apple iphone os 6.1.3

apple iphone os 5.1

apple iphone os 4.2.8

apple iphone os 6.0.2

apple iphone os 4.1

apple iphone os 2.0.0

apple iphone os 3.1.2

apple iphone os 3.0.1

apple iphone os 4.3.1

apple iphone os 4.2.5

apple iphone os 1.1.2

apple iphone os 3.1

apple iphone os 1.1.3

apple iphone os 1.1.0

apple iphone os 1.0.1

apple iphone os 2.1

apple iphone os 6.0

apple iphone os 4.3.5

apple iphone os 6.1

apple iphone os 4.2.1

apple iphone os 1.1.5

apple iphone os 4.0.1

apple iphone os 4.3.3

apple iphone os 5.0.1

apple iphone os 2.1.1

apple iphone os 1.1.4

apple iphone os 5.0

apple iphone os 1.0.0

apple iphone os 5.1.1

apple iphone os 2.0.2

apple iphone os 2.0

apple iphone os 2.0.1

apple iphone os 4.0

apple iphone os 4.3.0

apple iphone os 2.2.1

apple iphone os 3.2.1

apple iphone os 3.2.2

apple iphone os 6.0.1

xmlsoft libxslt 1.1.11

google chrome 21.0.1180.62

google chrome 21.0.1180.82

xmlsoft libxslt 1.1.8

xmlsoft libxslt 1.1.15

google chrome 21.0.1180.73

google chrome 21.0.1180.77

google chrome 21.0.1180.46

google chrome 21.0.1180.1

xmlsoft libxslt 1.1.19

google chrome 21.0.1180.76

google chrome 21.0.1180.61

xmlsoft libxslt 1.1.23

google chrome 21.0.1180.79

xmlsoft libxslt 1.1.14

xmlsoft libxslt

google chrome 21.0.1180.55

google chrome 21.0.1180.71

xmlsoft libxslt 1.1.24

google chrome 21.0.1180.78

google chrome 21.0.1180.31

google chrome 21.0.1180.37

xmlsoft libxslt 1.1.18

google chrome 21.0.1180.49

google chrome 21.0.1180.33

google chrome 21.0.1180.87

xmlsoft libxslt 1.1.10

google chrome 21.0.1180.52

google chrome 21.0.1180.38

google chrome 21.0.1180.0

google chrome 21.0.1180.57

google chrome 21.0.1180.85

google chrome 21.0.1180.2

google chrome 21.0.1180.56

xmlsoft libxslt 1.1.21

google chrome

google chrome 21.0.1180.50

google chrome 21.0.1180.83

xmlsoft libxslt 1.1.13

google chrome 21.0.1180.64

google chrome 21.0.1180.60

google chrome 21.0.1180.32

xmlsoft libxslt 1.1.20

google chrome 21.0.1180.84

google chrome 21.0.1180.48

xmlsoft libxslt 1.1.22

google chrome 21.0.1180.70

google chrome 21.0.1180.74

google chrome 21.0.1180.51

google chrome 21.0.1180.41

google chrome 21.0.1180.35

google chrome 21.0.1180.72

google chrome 21.0.1180.36

google chrome 21.0.1180.39

xmlsoft libxslt 1.1.16

xmlsoft libxslt 1.1.9

google chrome 21.0.1180.59

google chrome 21.0.1180.53

google chrome 21.0.1180.75

google chrome 21.0.1180.68

google chrome 21.0.1180.47

google chrome 21.0.1180.63

xmlsoft libxslt 1.1.12

google chrome 21.0.1180.54

google chrome 21.0.1180.86

google chrome 21.0.1180.34

google chrome 21.0.1180.80

google chrome 21.0.1180.81

google chrome 21.0.1180.69

xmlsoft libxslt 1.1.17

Vendor Advisories

Synopsis: Important: libxslt security update. Type/Severity: Security Advisory: Important. Topic: Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vul ...
Debian Bug report logs - #689422 libxslt: Three security issues. Package: libxslt; Maintainer for libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 2 Oct 2012 12:54:04 UTC; Severity: grave; Tags: patch, security; Fixed in version ...
Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file ...
Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed. For the stable distribution (squeeze), these problems have been fixed in version 1.1.26-6+squeeze2. For the unstable distribution (sid), these problems h ...
A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code ...