VYPR
← All vendors
Vendor

Libxslt

Products
1
CVEs
10
Across products
10
Status
Private

Products

1

Recent CVEs

10
  • CVE-2016-4610CriJul 22, 2016
    Libxslt
    libxslt
    risk 0.64cvss 9.8epss 0.05

    libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…

  • CVE-2016-1684HigJun 5, 2016
    Google
    Chrome
    risk 0.49cvss 7.5epss 0.02

    numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact…

  • CVE-2015-9019MedApr 5, 2017
    Libxslt
    libxslt
    risk 0.35cvss 5.3epss 0.02

    In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

  • CVE-2008-2935Aug 1, 2008
    Libxslt
    libxslt
    risk 0.04cvss epss 0.13

    Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code…

  • CVE-2008-1767May 23, 2008
    Libxslt
    libxslt
    risk 0.04cvss epss 0.13

    Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

  • CVE-2015-7995Nov 17, 2015
    Libxslt
    libxslt
    risk 0.00cvss epss 0.04

    The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

  • CVE-2013-4520Dec 14, 2013
    Libxslt
    libxslt
    risk 0.00cvss epss 0.02

    xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

  • CVE-2012-6139Apr 12, 2013
    Libxslt
    libxslt
    risk 0.00cvss epss 0.04

    libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

  • CVE-2012-2870Aug 31, 2012
    Google
    Chrome
    risk 0.00cvss epss 0.02

    libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation,…

  • CVE-2011-1202Mar 11, 2011
    Google
    Chrome
    risk 0.00cvss epss 0.02

    The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a…