CVE-2012-2870
Published: Aug 31, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://code.google.com/p/chromium/issues/detail?id=138672 | x_refsource_CONFIRM |
| https://chromiumcodereview.appspot.com/10823168 | x_refsource_CONFIRM |
| 50838 | third-party-advisory, x_refsource_SECUNIA |
| APPLE-SA-2013-10-22-8 | vendor-advisory, x_refsource_APPLE |
| DSA-2555 | vendor-advisory, x_refsource_DEBIAN |
| http://support.apple.com/kb/HT6001 | x_refsource_CONFIRM |
| 54886 | third-party-advisory, x_refsource_SECUNIA |
| http://support.apple.com/kb/HT5934 | x_refsource_CONFIRM |
| http://code.google.com/p/chromium/issues/detail?id=140368 | x_refsource_CONFIRM |
| https://chromiumcodereview.appspot.com/10830177 | x_refsource_CONFIRM |
| openSUSE-SU-2012:1215 | vendor-advisory, x_refsource_SUSE |
| MDVSA-2012:164 | vendor-advisory, x_refsource_MANDRIVA |
| APPLE-SA-2013-09-18-2 | vendor-advisory, x_refsource_APPLE |