- EPSS 10.83%
- Veröffentlicht 12.04.2013 22:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFuncti...
CVE-2012-2870
- EPSS 0.88%
- Veröffentlicht 31.08.2012 19:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identifi...
CVE-2011-3970
- EPSS 0.49%
- Veröffentlicht 09.02.2012 04:10:29
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-1202
- EPSS 0.64%
- Veröffentlicht 11.03.2011 02:01:20
- Zuletzt bearbeitet 29.04.2026 01:13:23
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an ...
CVE-2008-2935
- EPSS 22.14%
- Veröffentlicht 01.08.2008 14:41:00
- Zuletzt bearbeitet 23.04.2026 00:35:47
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attack...