High severity8.8NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026
CVE-2017-5029
CVE-2017-5029
Description
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.7.2 | 1.7.2 |
Affected products
25- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- ghsa-coords18 versionspkg:gem/nokogiripkg:rpm/opensuse/libxslt&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libxslt-python&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 1.7.2+ 17 more
- (no CPE)range: < 1.7.2
- (no CPE)range: < 1.1.34-3.2
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.13.3-1.1
- (no CPE)range: < 57.0.2987.98-8.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.24-19.33.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.24-19.33.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.24-19.33.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.28-16.1
- (no CPE)range: < 1.1.24-19.33.3
Patches
Vulnerability mechanics
References
13- github.com/advisories/GHSA-pf6m-fxpq-fg8vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5029ghsaADVISORY
- git.gnome.org/browse/libxslt/commit/nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1634ghsaWEB
- ubuntu.com/security/CVE-2017-5029ghsaWEB
- ubuntu.com/security/notices/USN-3271-1ghsaWEB
- rhn.redhat.com/errata/RHSA-2017-0499.htmlnvd
- www.debian.org/security/2017/dsa-3810nvd
- www.securityfocus.com/bid/96767nvd
- www.securitytracker.com/id/1038157nvd
- chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlnvd
- crbug.com/676623nvd
News mentions
0No linked articles in our index yet.