CVE-2013-4520

2013-12-1420:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

libxslt

denial of service

cve-2013-4520

context-dependent attackers

dtd

nvd

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

60.6%

JSON

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

CPENameOperatorVersion
xmlsoft:libxsltxmlsoft libxslteq1.1.11
xmlsoft:libxsltxmlsoft libxslteq1.0.19
xmlsoft:libxsltxmlsoft libxslteq1.0.27
xmlsoft:libxsltxmlsoft libxslteq1.0.11
xmlsoft:libxsltxmlsoft libxslteq1.1.8
xmlsoft:libxsltxmlsoft libxslteq1.1.15
xmlsoft:libxsltxmlsoft libxslteq0.6.0
xmlsoft:libxsltxmlsoft libxslteq1.0.23
xmlsoft:libxsltxmlsoft libxslteq1.0.2
xmlsoft:libxsltxmlsoft libxslteq1.0.9

CPE	Name	Operator	Version
xmlsoft:libxslt	xmlsoft libxslt	eq	1.1.11
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.19
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.27
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.11
xmlsoft:libxslt	xmlsoft libxslt	eq	1.1.8
xmlsoft:libxslt	xmlsoft libxslt	eq	1.1.15
xmlsoft:libxslt	xmlsoft libxslt	eq	0.6.0
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.23
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.2
xmlsoft:libxslt	xmlsoft libxslt	eq	1.0.9