Xmlsoft

Libxslt

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-5029

  • EPSS 2.37%
  • Veröffentlicht 24.04.2017 23:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which a...

5.3

CVE-2015-9019

  • EPSS 0.98%
  • Veröffentlicht 05.04.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

9.8

CVE-2016-4610

  • EPSS 3.26%
  • Veröffentlicht 22.07.2016 02:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly ...

9.8

CVE-2016-4609

  • EPSS 5.59%
  • Veröffentlicht 22.07.2016 02:59:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly ...

9.8

CVE-2016-4608

  • EPSS 5.21%
  • Veröffentlicht 22.07.2016 02:59:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly ...

9.8

CVE-2016-4607

  • EPSS 4.74%
  • Veröffentlicht 22.07.2016 02:59:30
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly ...

7.5

CVE-2016-1684

  • EPSS 0.47%
  • Veröffentlicht 05.06.2016 23:59:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly hav...

7.5

CVE-2016-1683

  • EPSS 0.46%
  • Veröffentlicht 05.06.2016 23:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via ...

5

CVE-2015-7995

Exploit
  • EPSS 3.04%
  • Veröffentlicht 17.11.2015 15:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

4.3

CVE-2013-4520

Exploit
  • EPSS 1.43%
  • Veröffentlicht 14.12.2013 20:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for...