5

CVE-2012-6139

Exploit

EPSS 4.6%
Published 12.04.2013 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxslt Version <= 1.1.27

Xmlsoft ≫ Libxslt Version0.0.1

Xmlsoft ≫ Libxslt Version0.1.0

Xmlsoft ≫ Libxslt Version0.2.0

Xmlsoft ≫ Libxslt Version0.3.0

Xmlsoft ≫ Libxslt Version0.4.0

Xmlsoft ≫ Libxslt Version0.5.0

Xmlsoft ≫ Libxslt Version0.6.0

Xmlsoft ≫ Libxslt Version0.7.0

Xmlsoft ≫ Libxslt Version0.8.0

Xmlsoft ≫ Libxslt Version0.9.0

Xmlsoft ≫ Libxslt Version0.10.0

Xmlsoft ≫ Libxslt Version0.11.0

Xmlsoft ≫ Libxslt Version0.12.0

Xmlsoft ≫ Libxslt Version0.13.0

Xmlsoft ≫ Libxslt Version0.14.0

Xmlsoft ≫ Libxslt Version1.0.0

Xmlsoft ≫ Libxslt Version1.0.1

Xmlsoft ≫ Libxslt Version1.0.2

Xmlsoft ≫ Libxslt Version1.0.3

Xmlsoft ≫ Libxslt Version1.0.4

Xmlsoft ≫ Libxslt Version1.0.5

Xmlsoft ≫ Libxslt Version1.0.6

Xmlsoft ≫ Libxslt Version1.0.7

Xmlsoft ≫ Libxslt Version1.0.8

Xmlsoft ≫ Libxslt Version1.0.9

Xmlsoft ≫ Libxslt Version1.0.10

Xmlsoft ≫ Libxslt Version1.0.11

Xmlsoft ≫ Libxslt Version1.0.12

Xmlsoft ≫ Libxslt Version1.0.13

Xmlsoft ≫ Libxslt Version1.0.14

Xmlsoft ≫ Libxslt Version1.0.15

Xmlsoft ≫ Libxslt Version1.0.16

Xmlsoft ≫ Libxslt Version1.0.17

Xmlsoft ≫ Libxslt Version1.0.18

Xmlsoft ≫ Libxslt Version1.0.19

Xmlsoft ≫ Libxslt Version1.0.20

Xmlsoft ≫ Libxslt Version1.0.21

Xmlsoft ≫ Libxslt Version1.0.22

Xmlsoft ≫ Libxslt Version1.0.23

Xmlsoft ≫ Libxslt Version1.0.24

Xmlsoft ≫ Libxslt Version1.0.25

Xmlsoft ≫ Libxslt Version1.0.26

Xmlsoft ≫ Libxslt Version1.0.27

Xmlsoft ≫ Libxslt Version1.0.28

Xmlsoft ≫ Libxslt Version1.0.29

Xmlsoft ≫ Libxslt Version1.0.30

Xmlsoft ≫ Libxslt Version1.0.31

Xmlsoft ≫ Libxslt Version1.0.32

Xmlsoft ≫ Libxslt Version1.0.33

Xmlsoft ≫ Libxslt Version1.1.0

Xmlsoft ≫ Libxslt Version1.1.1

Xmlsoft ≫ Libxslt Version1.1.2

Xmlsoft ≫ Libxslt Version1.1.3

Xmlsoft ≫ Libxslt Version1.1.4

Xmlsoft ≫ Libxslt Version1.1.5

Xmlsoft ≫ Libxslt Version1.1.6

Xmlsoft ≫ Libxslt Version1.1.7

Xmlsoft ≫ Libxslt Version1.1.8

Xmlsoft ≫ Libxslt Version1.1.9

Xmlsoft ≫ Libxslt Version1.1.10

Xmlsoft ≫ Libxslt Version1.1.11

Xmlsoft ≫ Libxslt Version1.1.12

Xmlsoft ≫ Libxslt Version1.1.13

Xmlsoft ≫ Libxslt Version1.1.14

Xmlsoft ≫ Libxslt Version1.1.15

Xmlsoft ≫ Libxslt Version1.1.16

Xmlsoft ≫ Libxslt Version1.1.17

Xmlsoft ≫ Libxslt Version1.1.18

Xmlsoft ≫ Libxslt Version1.1.19

Xmlsoft ≫ Libxslt Version1.1.20

Xmlsoft ≫ Libxslt Version1.1.21

Xmlsoft ≫ Libxslt Version1.1.22

Xmlsoft ≫ Libxslt Version1.1.23

Xmlsoft ≫ Libxslt Version1.1.24

Xmlsoft ≫ Libxslt Version1.1.25

Xmlsoft ≫ Libxslt Version1.1.26

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.1

Opensuse ≫ Opensuse Version12.2

Opensuse ≫ Opensuse Version12.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.6%	0.888

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html

http://secunia.com/advisories/52745

Vendor Advisory

http://secunia.com/advisories/52805

Vendor Advisory

http://secunia.com/advisories/52813

Vendor Advisory

http://secunia.com/advisories/52884

Vendor Advisory

http://www.debian.org/security/2013/dsa-2654

http://www.mandriva.com/security/advisories?name=MDVSA-2013:141

http://www.securitytracker.com/id/1028338

http://www.ubuntu.com/usn/USN-1784-1

http://xmlsoft.org/XSLT/news.html

https://bugzilla.gnome.org/show_bug.cgi?id=685328

Patch

Exploit

https://bugzilla.gnome.org/show_bug.cgi?id=685330

Patch

https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833

Patch

https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d

Patch

Exploit

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107

https://nvd.nist.gov/vuln/detail/CVE-2012-6139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-6139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-6139

EUVD