High severity8.8NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026
CVE-2017-5029
CVE-2017-5029
Description
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.7.2 | 1.7.2 |
Affected products
7cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- github.com/advisories/GHSA-pf6m-fxpq-fg8vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5029ghsaADVISORY
- git.gnome.org/browse/libxslt/commit/nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1634ghsaWEB
- ubuntu.com/security/CVE-2017-5029ghsaWEB
- ubuntu.com/security/notices/USN-3271-1ghsaWEB
- rhn.redhat.com/errata/RHSA-2017-0499.htmlnvd
- www.debian.org/security/2017/dsa-3810nvd
- www.securityfocus.com/bid/96767nvd
- www.securitytracker.com/id/1038157nvd
- chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.htmlnvd
- crbug.com/676623nvd
News mentions
0No linked articles in our index yet.