Vulnerability in Xmlsoft Libxslt
CVE-2012-6139
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDoc…
EPSS: 0.108 (93.5th percentile)
Affected products
- Xmlsoft Libxslt — versions 0.0.1, 0.1.0, 0.2.0
- Opensuse — versions 11.4, 12.1, 12.2
References
- USN-1784-1 (x_refsource_UBUNTU, vendor-advisory)
- 52884 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 52813 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- SUSE-SU-2013:1654 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2013:1656 (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- openSUSE-SU-2013:0593 (vendor-advisory, x_refsource_SUSE)
- openSUSE-SU-2013:0585 (vendor-advisory, x_refsource_SUSE)
- MDVSA-2013:141 (vendor-advisory, x_refsource_MANDRIVA)