Skip to main content

Libxslt CVE-2013-4520

MEDIUM
2013-12-14 secalert@redhat.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 14, 2013 - 20:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

AnalysisAI

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. Affected products include: Xmlsoft Libxslt. Version information: before 1.1.25.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-55549 HIGH POC
7.8 Mar 14

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. Rate

CVE-2025-24855 HIGH POC
7.8 Mar 14

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can

CVE-2016-4607 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2012-6139 MEDIUM POC
5.0 Apr 12

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (

CVE-2016-4610 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2016-4609 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2016-4608 CRITICAL
9.8 Jul 22

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows,

CVE-2022-29824 MEDIUM POC
6.5 May 03

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for i

CVE-2019-11068 CRITICAL
9.8 Apr 10

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi

CVE-2015-7995 MEDIUM POC
5.0 Nov 17

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which a

CVE-2017-5029 HIGH
8.8 Apr 24

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98

CVE-2021-30560 HIGH
8.8 Aug 03

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit he

Share

CVE-2013-4520 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy