CVE-2012-6139

2013-03-26T00:00:00
ID UB:CVE-2012-6139
Type ubuntucve
Reporter ubuntu.com
Modified 2013-03-26T00:00:00

Description

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) an uninitialized variable to the xsltDocumentFunction function in functions.c.

Bugs

  • <https://bugzilla.gnome.org/show_bug.cgi?id=685328>
  • <https://bugzilla.gnome.org/show_bug.cgi?id=685330>
  • <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703933>

Notes

Author | Note
---|---
jdstrand | could reproduce 685328 on all releases but not 685330. PoCs in bugs (be sure to use 'Save As' in your browser when downloading PoCs)