What is CVE-2012-2870?

CVE-2012-2870 is a vulnerability in Apple Iphone_os, classified under CWE-399. Published 2012-08-31.

Is CVE-2012-2870 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Iphone_os

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not proper…

EPSS: 0.009 (75.7th percentile) — read the EPSS interpretation.

Affected products

Apple Iphone_os — versions 1.0.0, 1.0.1, 1.0.2
Google Chrome — versions 21.0.1180.0, 21.0.1180.1, 21.0.1180.2
Xmlsoft Libxslt — versions 1.1.8, 1.1.9, 1.1.10
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

chrome-cve-admin@google.com (x_refsource_CONFIRM)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
50838 (x_refsource_SECUNIA, third-party-advisory)
APPLE-SA-2013-10-22-8 (vendor-advisory, x_refsource_APPLE)
DSA-2555 (vendor-advisory, x_refsource_DEBIAN)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
chrome-cve-admin@google.com (x_refsource_CONFIRM)
54886 (x_refsource_SECUNIA, third-party-advisory)
chrome-cve-admin@google.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2012-2870?: CVE-2012-2870 is a vulnerability in Apple Iphone_os, classified under CWE-399. Published 2012-08-31.
Is CVE-2012-2870 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.