Summary
| Detail | |||
|---|---|---|---|
| Vendor | Xmlsoft | First view | 2008-08-01 |
| Product | Libxslt | Last view | 2022-05-03 |
| Version | 1.1.18 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:xmlsoft:libxslt | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2022-05-03 | CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. |
| 8.8 | 2021-08-03 | CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| 7.5 | 2019-12-11 | CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. |
| 9.8 | 2019-04-10 | CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
| 5.3 | 2017-04-05 | CVE-2015-9019 | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. |
| 9.8 | 2016-07-21 | CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. |
| 9.8 | 2016-07-21 | CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. |
| 9.8 | 2016-07-21 | CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. |
| 9.8 | 2016-07-21 | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. |
| 7.5 | 2016-06-05 | CVE-2016-1684 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. |
| 7.5 | 2016-06-05 | CVE-2016-1683 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. |
| 5 | 2015-11-17 | CVE-2015-7995 | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. |
| 4.3 | 2013-12-14 | CVE-2013-4520 | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. |
| 5 | 2013-04-12 | CVE-2012-6139 | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. |
| 4.3 | 2012-08-31 | CVE-2012-2870 | libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. |
| 4.3 | 2012-02-08 | CVE-2011-3970 | libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| 4.3 | 2011-03-10 | CVE-2011-1202 | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. |
| 7.5 | 2008-08-01 | CVE-2008-2935 | Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 46% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7% (1) | CWE-787 | Out-of-bounds Write |
| 7% (1) | CWE-416 | Use After Free |
| 7% (1) | CWE-399 | Resource Management Errors |
| 7% (1) | CWE-330 | Use of Insufficiently Random Values |
| 7% (1) | CWE-200 | Information Exposure |
| 7% (1) | CWE-190 | Integer Overflow or Wraparound |
| 7% (1) | CWE-125 | Out-of-bounds Read |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75031 | Apple Safari libxslt functions.c xsltGenerateIdFunction Heap Memory Address I... |
| 72490 | Google Chrome libxslt functions.c xsltGenerateIdFunction Heap Memory Address ... |
| 72094 | Mozilla Multiple Products XSLT generate-id() Function Heap Address Informatio... |
| 47544 | libxslt libexslt crypto.c Multiple Function XML Parsing Overflows |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium) File : nvt/gb_suse_2012_1215_1.nasl |
| 2012-10-13 | Name : Debian Security Advisory DSA 2555-1 (libxslt) File : nvt/deb_2555_1.nasl |
| 2012-10-12 | Name : Mandriva Update for libxslt MDVSA-2012:164 (libxslt) File : nvt/gb_mandriva_MDVSA_2012_164.nasl |
| 2012-10-05 | Name : Ubuntu Update for libxslt USN-1595-1 File : nvt/gb_ubuntu_USN_1595_1.nasl |
| 2012-10-03 | Name : Fedora Update for libxslt FEDORA-2012-14048 File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl |
| 2012-09-27 | Name : Fedora Update for libxslt FEDORA-2012-14083 File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos6 File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl |
| 2012-09-17 | Name : RedHat Update for libxslt RHSA-2012:1265-01 File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos5 File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl |
| 2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows) File : nvt/gb_google_chrome_mult_vuln_sep12_win.nasl |
| 2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X) File : nvt/gb_google_chrome_mult_vuln_sep12_macosx.nasl |
| 2012-09-03 | Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux) File : nvt/gb_google_chrome_mult_vuln_sep12_lin.nasl |
| 2012-08-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium18.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos5 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos4 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos4_x86_64.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201202-01 (chromium) File : nvt/glsa_201202_01.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-08 (libxslt) File : nvt/glsa_201203_08.nasl |
| 2012-03-07 | Name : Mandriva Update for libxslt MDVSA-2012:028 (libxslt) File : nvt/gb_mandriva_MDVSA_2012_028.nasl |
| 2012-02-14 | Name : Google Chrome Multiple Vulnerabilities - February 12 (Windows) File : nvt/gb_google_chrome_mult_vuln_feb12_win.nasl |
| 2012-02-14 | Name : Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X) File : nvt/gb_google_chrome_mult_vuln_feb12_macosx.nasl |
| 2012-02-14 | Name : Google Chrome Multiple Vulnerabilities - February 12 (Linux) File : nvt/gb_google_chrome_mult_vuln_feb12_lin.nasl |
| 2012-02-12 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium2.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos4 i386 File : nvt/gb_CESA-2011_0471_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos5 i386 File : nvt/gb_CESA-2011_0471_firefox_centos5_i386.nasl |
| 2011-06-10 | Name : Ubuntu Update for thunderbird USN-1122-3 File : nvt/gb_ubuntu_USN_1122_3.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0031 | Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity: Category I - VMSKEY: V0036787 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | GNOME Project libxslt RC4 key string buffer overflow attempt - 2 RuleID : 14041 - Type : SERVER-OTHER - Revision : 16 |
| 2014-01-10 | GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14040 - Type : SERVER-OTHER - Revision : 14 |
| 2014-01-10 | GNOME Project libxslt RC4 key string buffer overflow attempt RuleID : 14039 - Type : FILE-OTHER - Revision : 20 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0025.nasl - Type: ACT_GATHER_INFO |
| 2017-05-24 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-609.nasl - Type: ACT_GATHER_INFO |
| 2017-05-17 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1313-1.nasl - Type: ACT_GATHER_INFO |
| 2017-05-16 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1282-1.nasl - Type: ACT_GATHER_INFO |
| 2017-04-28 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3271-1.nasl - Type: ACT_GATHER_INFO |
| 2016-07-21 | Name: The remote device is affected by multiple vulnerabilities. File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO |
| 2016-07-21 | Name: The remote host is missing a Mac OS X security update that fixes multiple vul... File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO |
| 2016-07-21 | Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO |
| 2016-07-19 | Name: The remote host contains an application that is affected by multiple vulnerab... File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO |
| 2016-07-19 | Name: The remote host is running an application that is affected by multiple vulner... File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO |
| 2016-07-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201607-07.nasl - Type: ACT_GATHER_INFO |
| 2016-06-21 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_1a2aa04f371811e6b3c814dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2016-06-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3605.nasl - Type: ACT_GATHER_INFO |
| 2016-06-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-514.nasl - Type: ACT_GATHER_INFO |
| 2016-06-07 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2992-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-06 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-682.nasl - Type: ACT_GATHER_INFO |
| 2016-06-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3590.nasl - Type: ACT_GATHER_INFO |
| 2016-06-02 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-1190.nasl - Type: ACT_GATHER_INFO |
| 2016-06-01 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-652.nasl - Type: ACT_GATHER_INFO |
| 2016-06-01 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-661.nasl - Type: ACT_GATHER_INFO |
| 2016-05-31 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2016-148-02.nasl - Type: ACT_GATHER_INFO |
| 2016-05-27 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO |
| 2016-05-27 | Name: A web browser installed on the remote Mac OS X host is affected by multiple v... File: macosx_google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO |
| 2016-05-18 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_5_5.nasl - Type: ACT_GATHER_INFO |
| 2016-04-25 | Name: The remote web server is running an application that is affected by multiple ... File: splunk_6334.nasl - Type: ACT_GATHER_INFO |
