CVE-2017-5029
chromium-browser: integer overflow in libxslt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carecía de una comprobación de desbordamiento de entero durante un cálculo de tamaño, lo que permite a un atacante remoto realizar una escritura de memoria fuera de límites a través de una página HTML diseñada.
Holger Fuhrmannek discovered an integer overflow in the xsltAddTextString function in Libxslt. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possible execute arbitrary code. Nicolas Gregoire discovered that Libxslt mishandled namespace nodes. An attacker could use this to craft a malicious document that, when opened, could cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-02 CVE Reserved
- 2017-03-14 CVE Published
- 2024-08-05 CVE Updated
- 2025-06-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96767 | Vdb Entry | |
| http://www.securitytracker.com/id/1038157 | Vdb Entry | |
| https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html | X_refsource_confirm | |
| https://crbug.com/676623 | X_refsource_confirm | |
| https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0499.html | 2023-11-07 | |
| http://www.debian.org/security/2017/dsa-3810 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2017-5029 | 2017-03-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1431033 | 2017-03-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 57.0.2987.75 Search vendor "Google" for product "Chrome" and version " <= 57.0.2987.75" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 57.0.2987.75 Search vendor "Google" for product "Chrome" and version " <= 57.0.2987.75" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 57.0.2987.75 Search vendor "Google" for product "Chrome" and version " <= 57.0.2987.75" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 57.0.2987.100 Search vendor "Google" for product "Chrome" and version " <= 57.0.2987.100" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|
| Xmlsoft Search vendor "Xmlsoft" | Libxslt Search vendor "Xmlsoft" for product "Libxslt" | 1.1.29 Search vendor "Xmlsoft" for product "Libxslt" and version "1.1.29" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||