CVE-2012-2871

Published: 31/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome prior to 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

Vulnerable Product

apple iphone os 6.1.2

apple iphone os 3.0

apple iphone os 3.2

apple iphone os 3.1.3

apple iphone os 1.0.2

apple iphone os 4.3.2

apple iphone os 4.0.2

apple iphone os

apple iphone os 2.2

apple iphone os 1.1.1

apple iphone os 6.1.3

apple iphone os 5.1

apple iphone os 4.2.8

apple iphone os 6.0.2

apple iphone os 4.1

apple iphone os 2.0.0

apple iphone os 3.1.2

apple iphone os 3.0.1

apple iphone os 4.3.1

apple iphone os 4.2.5

apple iphone os 1.1.2

apple iphone os 3.1

apple iphone os 1.1.3

apple iphone os 1.1.0

apple iphone os 1.0.1

apple iphone os 2.1

apple iphone os 6.0

apple iphone os 4.3.5

apple iphone os 6.1

apple iphone os 4.2.1

apple iphone os 1.1.5

apple iphone os 4.0.1

apple iphone os 4.3.3

apple iphone os 5.0.1

apple iphone os 2.1.1

apple iphone os 1.1.4

apple iphone os 5.0

apple iphone os 1.0.0

apple iphone os 5.1.1

apple iphone os 2.0.2

apple iphone os 2.0

apple iphone os 2.0.1

apple iphone os 4.0

apple iphone os 4.3.0

apple iphone os 2.2.1

apple iphone os 3.2.1

apple iphone os 3.2.2

apple iphone os 6.0.1

google chrome 21.0.1180.62

google chrome 21.0.1180.82

google chrome 21.0.1180.73

google chrome 21.0.1180.77

xmlsoft libxml2

google chrome 21.0.1180.46

google chrome 21.0.1180.1

google chrome 21.0.1180.76

google chrome 21.0.1180.61

google chrome 21.0.1180.79

google chrome 21.0.1180.55

google chrome 21.0.1180.71

google chrome 21.0.1180.78

google chrome 21.0.1180.31

google chrome 21.0.1180.37

google chrome 21.0.1180.49

google chrome 21.0.1180.33

google chrome 21.0.1180.87

google chrome 21.0.1180.52

google chrome 21.0.1180.38

google chrome 21.0.1180.0

google chrome 21.0.1180.57

google chrome 21.0.1180.85

google chrome 21.0.1180.2

google chrome 21.0.1180.56

google chrome

google chrome 21.0.1180.50

google chrome 21.0.1180.83

google chrome 21.0.1180.64

google chrome 21.0.1180.60

google chrome 21.0.1180.32

google chrome 21.0.1180.84

google chrome 21.0.1180.48

google chrome 21.0.1180.70

google chrome 21.0.1180.74

google chrome 21.0.1180.51

google chrome 21.0.1180.41

google chrome 21.0.1180.35

google chrome 21.0.1180.72

google chrome 21.0.1180.36

google chrome 21.0.1180.39

google chrome 21.0.1180.59

google chrome 21.0.1180.53

google chrome 21.0.1180.75

google chrome 21.0.1180.68

google chrome 21.0.1180.47

google chrome 21.0.1180.63

google chrome 21.0.1180.54

google chrome 21.0.1180.86

google chrome 21.0.1180.34

google chrome 21.0.1180.80

google chrome 21.0.1180.81

google chrome 21.0.1180.69

Vendor Advisories

Synopsis: Important: libxslt security update. Type/Severity: Security Advisory: Important. Topic: Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vul ...
Debian Bug report logs - #689422 libxslt: Three security issues. Package: libxslt; Maintainer for libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Tue, 2 Oct 2012 12:54:04 UTC; Severity: grave; Tags: patch, security; Fixed in version ...
Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file ...
Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed. For the stable distribution (squeeze), these problems have been fixed in version 1.1.26-6+squeeze2. For the unstable distribution (sid), these problems h ...
A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the application to crash or, possibly, execute arbitrary code ...

Recent Articles

Hacking Team had RATted on Android: Trend Micro
The Register • Richard Chirgwin • 23 Jul 2015

Android had been p0wned from Ice Creams to Jelly Beans

The next piece of weaponised malware to emerge out of the Hacking Team leak has arrived: a Remote Access Trojan (RAT) for Android. Trend Micro researchers trawling the 400 GB of leaked files apparently have the honour of first discovery: RCSAndroid, it says, is “one of the most professionally developed and sophisticated” pieces of Android malware* they've seen. Compromised phones can't be cleaned without root privilege, and Trend says users would probably need their device manufacturer's hel...