CVE-2015-7995
https://notcve.org/view.php?id=CVE-2015-7995
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. La función xsltStylePreCompute en preproc.c en libxslt 1.1.28 no comprueba si el nodo padre es un elemento, lo que permite a atacantes causar una denegación de servicio a través de un archivo XML manipulado, relacionado a un problema 'type confusion'. • http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html http://www.debian.org/security/2016/dsa-3605 http://www.openwall.com/lists/oss-security/2015/10/27/10 http://www.openwall.com •
CVE-2013-4520
https://notcve.org/view.php?id=CVE-2013-4520
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. xslt.c en libxslt anterior a 1.1.25 permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) a través de una hoja de estilo embebida en una DTD, lo que hace que una estructura sea accesible como un tipo diferente. NOTA: este problema se debe a una solución incompleta de CVE-2012-2825. • http://seclists.org/oss-sec/2013/q4/238 http://seclists.org/oss-sec/2013/q4/239 http://secunia.com/advisories/56072 http://www.osvdb.org/99671 https://bugzilla.novell.com/show_bug.cgi?id=849019 https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html •
CVE-2012-6139
https://notcve.org/view.php?id=CVE-2012-6139
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. libxslt antes de v1.1.28 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del sistema) mediante un atributo (1) match vacío en una clave XSL a la función xsltAddKey en keys.c o (2) una variable no inicializada en la función xsltDocumentFunction en functions.c. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html http://secunia.com/advisories/52745 http://secunia.com/advisories/52805 http://secunia.com/advisories/52813 http://secunia.com/advisories/52884 http://www.debian.org/security/2013/dsa-2654 http://www.mandriva.com/security/advisories?name=MDVSA-2013:141 http://www.securitytracker •
CVE-2012-2870 – libxslt: Use-after-free when processing an invalid XPath expression
https://notcve.org/view.php?id=CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. libxslt v1.1.26 y anteriores, tal como se utiliza en Google Chrome anterior a v21.0.1180.89, no gestiona adecuadamente la memoria, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de una elaborada expresión XSLT que no esté debidamente identificado durante XPath navegación, en relación con (1) la función xsltCompileLocationPathPattern en libxslt / pattern.c y (2) la función xsltGenerateIdFunction en libxslt / functions.c. • http://code.google.com/p/chromium/issues/detail?id=138672 http://code.google.com/p/chromium/issues/detail?id=140368 http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html http://secunia.com/advisories/50838 http://secunia.com/advisories/54886 http: • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2011-1202 – libxslt: Heap address leak in XLST
https://notcve.org/view.php?id=CVE-2011-1202
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. Vulnerabilidad no especificada en la implementación XSLT en Google Chrome anterior a v10.0.648.127 permite a atacantes remotos obtener información sensible acerca de las direcciones de memoria en el montón mediante vectores desconocidos. • http://code.google.com/p/chromium/issues/detail?id=73716 http://downloads.avaya.com/css/P8/documents/100144158 http://git.gnome.org/browse/libxslt/commit/?id=ecb6bcb8d1b7e44842edde3929f412d46b40c89f http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2012:164 http://www& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •