Vulnerabilities (CVE)

Filtered by vendor Xmlsoft Subscribe
Filtered by product Libxslt
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30560 2 Google, Xmlsoft 2 Chrome, Libxslt 2022-05-18 6.8 MEDIUM 8.8 HIGH
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-29824 2 Fedoraproject, Xmlsoft 3 Fedora, Libxml2, Libxslt 2022-05-18 4.3 MEDIUM 6.5 MEDIUM
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2017-5029 7 Apple, Debian, Google and 4 more 10 Macos, Debian Linux, Android and 7 more 2022-04-22 6.8 MEDIUM 8.8 HIGH
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2019-5815 1 Xmlsoft 1 Libxslt 2021-07-21 5.0 MEDIUM 7.5 HIGH
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
CVE-2019-13118 1 Xmlsoft 1 Libxslt 2021-06-29 5.0 MEDIUM 7.5 HIGH
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE-2019-13117 1 Xmlsoft 1 Libxslt 2021-06-29 5.0 MEDIUM 7.5 HIGH
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
CVE-2016-4608 4 Apple, Fedoraproject, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2020-11-20 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
CVE-2016-4610 5 Apple, Debian, Fedoraproject and 2 more 10 Icloud, Iphone Os, Itunes and 7 more 2020-11-20 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
CVE-2016-4609 5 Apple, Debian, Fedoraproject and 2 more 10 Icloud, Iphone Os, Itunes and 7 more 2020-10-09 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
CVE-2016-4607 4 Apple, Fedoraproject, Microsoft and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2020-10-09 7.5 HIGH 9.8 CRITICAL
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
CVE-2011-3970 3 Google, Suse, Xmlsoft 5 Chrome, Linux Enterprise Desktop, Linux Enterprise Server and 2 more 2020-09-09 4.3 MEDIUM N/A
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2019-18197 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2020-08-24 5.1 MEDIUM 7.5 HIGH
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
CVE-2019-11068 3 Canonical, Debian, Xmlsoft 3 Ubuntu Linux, Debian Linux, Libxslt 2020-08-24 7.5 HIGH 9.8 CRITICAL
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2011-1202 2 Google, Xmlsoft 2 Chrome, Libxslt 2020-06-04 4.3 MEDIUM N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2015-7995 2 Apple, Xmlsoft 5 Iphone Os, Mac Os X, Tvos and 2 more 2019-03-08 5.0 MEDIUM N/A
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
CVE-2012-6139 2 Opensuse, Xmlsoft 2 Opensuse, Libxslt 2018-10-30 5.0 MEDIUM N/A
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
CVE-2016-1683 7 Canonical, Debian, Google and 4 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2018-10-30 5.1 MEDIUM 7.5 HIGH
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
CVE-2008-2935 1 Xmlsoft 1 Libxslt 2018-10-11 7.5 HIGH N/A
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
CVE-2016-1684 2 Google, Xmlsoft 2 Chrome, Libxslt 2017-07-01 5.1 MEDIUM 7.5 HIGH
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
CVE-2015-9019 1 Xmlsoft 1 Libxslt 2017-04-11 5.0 MEDIUM 5.3 MEDIUM
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.