Fluid Attacks Database

Description

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libxslt	>=0 <1.1.26-14.1	1.1.26-14.1
debian 12	libxslt	>=0 <1.1.26-14.1	1.1.26-14.1
debian 13	libxslt	>=0 <1.1.26-14.1	1.1.26-14.1
debian 14	libxslt	>=0 <1.1.26-14.1	1.1.26-14.1
rpm rhel6	libxslt	-	-
rpm rhel5	libxslt	-	-
rpm rhel6	mingw32-libxslt	-	-

Aliases

1. CVE-2012-61392. NVD-2012-61393. OSV-DEBIAN-2012-61394. OSV-2012-61395. SECURITY-TRACKER-CVE-2012-6139

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.