Wind River Support Network

HomeDefectsLIN7-6415

Fixed

LIN7-6415 : Security Advisory - libxslt - CVE-2016-1684

Created: Jun 14, 2016 Updated: Sep 8, 2018

Resolved Date: Aug 8, 2016

Found In Version: 7.0.0.16

Fix Version: 7.0.0.19

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.<a href=http://cwe.mitre.org/data/definitions/190.html>CWE-190: Integer Overflow or Wraparound</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1684

Other Downloads

Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-1684