CVE-2012-6139
Published: 26 March 2013
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
Notes
| Author | Note |
|---|---|
| jdstrand | could reproduce 685328 on all releases but not 685330. PoCs in bugs (be sure to use 'Save As' in your browser when downloading PoCs) |
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
libxslt Launchpad, Ubuntu, Debian |
hardy |
Released
(1.1.22-1ubuntu1.4)
|
| lucid |
Released
(1.1.26-1ubuntu1.2)
|
|
| oneiric |
Released
(1.1.26-7ubuntu0.2)
|
|
| precise |
Released
(1.1.26-8ubuntu1.3)
|
|
| quantal |
Released
(1.1.26-14ubuntu0.1)
|
|
| upstream |
Pending
(1.1.28)
|
|
|
Patches: upstream: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d (bug #685328) upstream: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833 (bug #685330) |
||