Unrated severityNVD Advisory· Published Apr 4, 2011· Updated Jun 16, 2026
CVE-2011-1425
CVE-2011-1425
Description
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
44cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*+ 42 more
- cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*range: <=1.2.16
- cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
19- git.gnome.org/browse/xmlsec/commit/nvdPatch
- git.gnome.org/browse/xmlsec/commit/nvdPatch
- www.aleksey.com/pipermail/xmlsec/2011/009120.htmlnvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/43920nvdVendor Advisory
- secunia.com/advisories/44167nvd
- secunia.com/advisories/44423nvd
- trac.webkit.org/changeset/79159nvd
- www.debian.org/security/2011/dsa-2219nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2011-0486.htmlnvd
- www.securityfocus.com/bid/47135nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2011/0855nvd
- www.vupen.com/english/advisories/2011/0858nvd
- www.vupen.com/english/advisories/2011/1010nvd
- www.vupen.com/english/advisories/2011/1172nvd
- bugs.webkit.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/66506nvd
News mentions
0No linked articles in our index yet.