VYPR

rpm package

suse/libxslt&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (4)

  • CVE-2017-5029HigApr 24, 2017
    affected < 1.1.28-16.1fixed 1.1.28-16.1

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe

  • CVE-2015-9019MedApr 5, 2017
    affected < 1.1.28-16.1fixed 1.1.28-16.1

    In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

  • CVE-2016-4738HigSep 25, 2016
    affected < 1.1.28-16.1fixed 1.1.28-16.1

    libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2015-7995Nov 17, 2015
    affected < 1.1.28-16.1fixed 1.1.28-16.1

    The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.