CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
96.2%
It was discovered that long transformation matches in libxslt could
overflow. If an attacker were able to make an application linked against
libxslt process malicious XSL style sheet input, they could execute
arbitrary code with user privileges or cause the application to crash,
leading to a denial of serivce. (CVE-2008-1767)
Chris Evans discovered that the RC4 processing code in libxslt did not
correctly handle corrupted key information. If a remote attacker were
able to make an application linked against libxslt process malicious
XML input, they could crash the application, leading to a denial of
service. (CVE-2008-2935)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | libxslt1.1 | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libxslt1-dbg | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libxslt1-dev | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | python-libxslt1 | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | python-libxslt1-dbg | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | xsltproc | <Β 1.1.22-1ubuntu1.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | libxslt1.1 | <Β 1.1.21-2ubuntu2.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | libxslt1-dbg | <Β 1.1.21-2ubuntu2.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | libxslt1-dev | <Β 1.1.21-2ubuntu2.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | python-libxslt1 | <Β 1.1.21-2ubuntu2.2 | UNKNOWN |