CVE-2013-4520
Published: 14 December 2013
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Priority
Status
Package | Release | Status |
---|---|---|
libxslt Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(1.1.26-1ubuntu1.2)
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
upstream |
Released
(1.1.25)
|
|
Patches: other: https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa |