Unrated severity · NVD Advisory · Published May 23, 2008 · Updated Apr 23, 2026
CVE-2008-1767
Description
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Affected products
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
Patches
No patches discovered yet.
References
- bugzilla.gnome.org/show_bug.cgi · nvd · Exploit
- www.securityfocus.com/bid/29312 · nvd · Exploit
- secunia.com/advisories/30315 · nvd · Vendor Advisory
- secunia.com/advisories/30323 · nvd · Vendor Advisory
- lists.apple.com/archives/security-announce//2008/Nov/msg00001.html · nvd
- lists.apple.com/archives/security-announce/2008//Jul/msg00001.html · nvd
- lists.apple.com/archives/security-announce/2008/Oct/msg00001.html · nvd
- secunia.com/advisories/30393 · nvd
- secunia.com/advisories/30521 · nvd
- secunia.com/advisories/30717 · nvd
- secunia.com/advisories/31074 · nvd
- secunia.com/advisories/31363 · nvd
- secunia.com/advisories/32222 · nvd
- secunia.com/advisories/32706 · nvd
- security.gentoo.org/glsa/glsa-200806-02.xml · nvd
- support.apple.com/kb/HT3216 · nvd
- support.apple.com/kb/HT3298 · nvd
- www.debian.org/security/2008/dsa-1589 · nvd
- www.mandriva.com/security/advisories · nvd
- www.novell.com/linux/security/advisories/2008_13_sr.html · nvd
- www.redhat.com/support/errata/RHSA-2008-0287.html · nvd
- www.securityfocus.com/bid/31681 · nvd
- www.securitytracker.com/id · nvd
- www.ubuntu.com/usn/usn-633-1 · nvd
- www.vupen.com/english/advisories/2008/1580/references · nvd
- www.vupen.com/english/advisories/2008/2094/references · nvd
- www.vupen.com/english/advisories/2008/2780 · nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/42560 · nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9785 · nvd