Skip to main content

Libxslt CVE-2012-6139

MEDIUM
2013-04-12 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 12, 2013 - 22:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

AnalysisAI

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Technical ContextAI

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. Affected products include: Xmlsoft Libxslt, Opensuse. Version information: before 1.1.28.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-55549 HIGH POC
7.8 Mar 14

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. Rate

CVE-2025-24855 HIGH POC
7.8 Mar 14

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can

CVE-2016-4607 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2016-4610 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2016-4609 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2016-4608 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2022-29824 MEDIUM POC
6.5 May 03

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for i

CVE-2019-11068 CRITICAL
9.8 Apr 10

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi

CVE-2015-7995 MEDIUM POC
5.0 Nov 17

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which a

CVE-2017-5029 HIGH
8.8 Apr 24

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98

CVE-2021-30560 HIGH
8.8 Aug 03

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit he

CVE-2013-4520 MEDIUM POC
4.3 Dec 14

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet

Share

CVE-2012-6139 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy