Product:

Libxslt

(Xmlsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2017-04-05 CVE-2015-9019 In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Libxslt 5.3
2015-11-17 CVE-2015-7995 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. Iphone_os, Mac_os_x, Tvos, Watchos, Libxslt N/A
2013-12-14 CVE-2013-4520 xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. Libxslt N/A
2013-04-12 CVE-2012-6139 libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. Opensuse, Libxslt N/A
2008-08-01 CVE-2008-2935 Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." Libxslt N/A