Unrated severityNVD Advisory· Published Mar 11, 2011· Updated Apr 29, 2026

CVE-2011-1202

Description

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <10.0.648.127
Xmlsoft/Libxslt
cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*
Range: <=1.1.26

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.gnome.org/browse/libxslt/commit/nvdPatchThird Party Advisory
code.google.com/p/chromium/issues/detailnvdExploitIssue TrackingPatchVendor Advisory
downloads.avaya.com/css/P8/documents/100144158nvdThird Party Advisory
googlechromereleases.blogspot.com/2011/03/chrome-stable-release.htmlnvdVendor Advisory
scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.htmlnvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.securityfocus.com/bid/46785nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/65966nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14244nvdThird Party Advisory
www.vupen.com/english/advisories/2011/0628nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000