Vulnerability in Xmlsoft Libxslt
CVE-2013-4520
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incompl…
EPSS: 0.014 (81.0th percentile)
Affected products
- Xmlsoft Libxslt — versions 0.0.1, 0.1.0, 0.2.0
References
- [oss-security] 20131105 Re: CVE Request: additional fix for CVE-2012-2825 libxslt crash (mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (Exploit, Patch, x_refsource_MISC)
- SUSE-SU-2013:1654 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2013:1656 (vendor-advisory, x_refsource_SUSE)
- 56072 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- 99671 (x_refsource_OSVDB, vdb-entry)
- [oss-security] 20131105 CVE Request: additional fix for CVE-2012-2825 libxslt crash (mailing-list, x_refsource_MLIST, Patch)