CVE-2012-6139
Published: 26 March 2013
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
Notes
Author | Note |
---|---|
jdstrand | could reproduce 685328 on all releases but not 685330. PoCs in bugs (be sure to use 'Save As' in your browser when downloading PoCs) |
Priority
Status
Package | Release | Status |
---|---|---|
libxslt Launchpad, Ubuntu, Debian |
hardy |
Released
(1.1.22-1ubuntu1.4)
|
lucid |
Released
(1.1.26-1ubuntu1.2)
|
|
oneiric |
Released
(1.1.26-7ubuntu0.2)
|
|
precise |
Released
(1.1.26-8ubuntu1.3)
|
|
quantal |
Released
(1.1.26-14ubuntu0.1)
|
|
upstream |
Pending
(1.1.28)
|
|
Patches: upstream: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d upstream: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833 |