Your submission was sent successfully! Close

CVE-2013-2902

Published: 21 August 2013

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (30.0.1599.114-0ubuntu0.12.04.3)
quantal
Released (30.0.1599.114-0ubuntu0.12.10.2)
raring
Released (30.0.1599.114-0ubuntu0.13.04.2)
saucy Not vulnerable
(29.0.1547.65-0ubuntu2)
trusty Not vulnerable
(29.0.1547.65-0ubuntu2)
upstream
Released (29.0.1547.57)
libxslt
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Not vulnerable

trusty Not vulnerable

upstream Needs triage

Notes

AuthorNote
seth-arnold
As of 2013-08-21, I don't know if libxslt needs an update or if
this is strictly in chromium-browser.
mdeslaur
fix was in chromium, marking libxslt as not-affected

References