Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Vulnerability

Vigil@nce: libxslt, buffer overflow via Namespace

October 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use XSLT data with a Namespace selection, in order
to stop applications linked to libxslt, and possibly to execute
code.

 Impacted products: Fedora, RHEL, Unix (platform)
 Severity: 2/4
 Creation date: 14/09/2012

DESCRIPTION OF THE VULNERABILITY

The libxslt library processes XSLT transformations to be applied
on an XML document.

A transformation can select nodes via "namespace::*". However, in
this case, the xsltApplyTemplates() function of file
libxslt/transform.c uses an invalid pointer to a child node. An
overflow then occurs in the function xmlUnlinkNode().

An attacker can therefore use XSLT data with a Namespace
selection, in order to stop applications linked to libxslt, and
possibly to execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/libxslt-buffer-overflow-via-Namespace-11946


See previous articles

    

See next articles












Security Vulnerability

Toutes nos news en Francais

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011