Wind River Support Network

HomeDefectsLIN5-15507
Fixed

LIN5-15507 : Security Advisory - libxslt - CVE-2012-2870

Created: Sep 16, 2012    Updated: Dec 19, 2017
Resolved Date: Jul 11, 2014
Previous ID: LIN3-8669
Found In Version: 5.0
Fix Version: 5.0.1.17
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2870

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online