Published: 05/06/2016 Updated: 07/11/2023

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

numbers.c in libxslt prior to 1.1.29, as used in Google Chrome prior to 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote malicious users to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
xmlsoft libxslt

Debian Bug report logs - #802971 libxslt: CVE-2015-7995: Type confusion may cause DoS Package: src:libxslt; Maintainer for src:libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Oct 2015 18:18:02 UTC Severity: important ...

Several security issues were fixed in Libxslt ...

Several security issues were fixed in Oxide ...

Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library For the stable distribution (jessie), these problems have been fixed in version 1128-2+deb8u1 We recommend that you upgrade y ...

numbersc in libxslt before 1129, as used in Google Chrome before 510270463, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document ...

NVD-CWE-Other https://crbug.com/583171 https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d http://www.debian.org/security/2016/dsa-3605 http://www.securityfocus.com/bid/90876 http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html https://support.apple.com/HT206901 http://www.securitytracker.com/id/1035981 https://bugzilla.redhat.com/show_bug.cgi?id=1340017 http://www.debian.org/security/2016/dsa-3590 http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://www.ubuntu.com/usn/USN-2992-1 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html https://access.redhat.com/errata/RHSA-2016:1190 https://support.apple.com/HT206905 https://support.apple.com/HT206903 https://support.apple.com/HT206902 https://support.apple.com/HT206904 https://security.gentoo.org/glsa/201607-07 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html https://support.apple.com/HT206899 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971 https://nvd.nist.gov https://usn.ubuntu.com/3271-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1684

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect