QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4520

Published: Dec 14, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash

mailing-list

x_refsource_MLIST

https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa

x_refsource_MISC

SUSE-SU-2013:1654

vendor-advisory

x_refsource_SUSE

SUSE-SU-2013:1656

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.novell.com/show_bug.cgi?id=849019

x_refsource_CONFIRM

vdb-entry

x_refsource_OSVDB

[oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.