Freely subscribe to our NEWSLETTER

Security Vulnerability

Vigil@nce: libxslt, using freed memory via XPath/generate-id

October 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use XSLT data with XPath or generate-id(), in
order to stop applications linked to libxslt, and possibly to
execute code.

– Impacted products: Fedora, RHEL, Unix (platform)
– Severity: 2/4
– Creation date: 14/09/2012

DESCRIPTION OF THE VULNERABILITY

The libxslt library processes XSLT transformations to be applied
on an XML document. It is impacted by two vulnerabilities.

The XPath language is used to indicate a location in XML data. For
example "/a/b" selects the "" element. During its usage, a
memory area previously freed is used. [severity:2/4]

The XSLT XPath generate-id() function generates a unique
identifier for a node of XML data. During its usage, a memory area
previously freed is used. [severity:2/4]

An attacker can therefore use XSLT data with XPath or
generate-id(), in order to stop applications linked to libxslt,
and possibly to execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxslt-using-freed-memory-via-XPath-generate-id-11947

See previous articles

See next articles

Security Vulnerability

Vigilance Vulnerability Alerts - MIT Kerberos (...)

Vigilance Vulnerability Alerts - wpa_supplicant:

Vigilance Vulnerability Alerts - libxls: (...)

Vigilance Vulnerability Alerts - Linux (...)

Vigilance Vulnerability Alerts - libde265: (...)

Vigilance Vulnerability Alerts - Grafana JSON (...)

Vigilance Vulnerability Alerts - Grafana CSV (...)

Vigilance Vulnerability Alerts - Spring (...)

Vigilance Vulnerability Alerts - Microsoft (...)

Vigilance Vulnerability Alerts - Linux (...)

Toutes nos news en Francais

Vigilance Alertes Vulnérabilités - MIT Kerberos (...)

Vigilance Alertes Vulnérabilités - wpa_supplicant :

Vigilance Alertes Vulnérabilités - libxls : (...)

Vigilance Alertes Vulnérabilités - Noyau Linux (...)

Vigilance Alertes Vulnérabilités - libde265 : (...)

4 piliers et une approche par les risques (...)

Vigilance Alertes Vulnérabilités - Grafana JSON (...)

Vigilance Alertes Vulnérabilités - Grafana CSV (...)

CERTFR-2024-AVI-0353 : Multiples vulnérabilités

CERTFR-2024-AVI-0352 : Multiples vulnérabilités

Alle unsere News auf deutsch

Eine Dekade im Blick: Herausforderungen bei (...)

Jeder Euro, der in Deutschland durch Betrug (...)

Zunehmende Migration von Unternehmen in die (...)

Raspberry Robin: Vorsicht vor Malware-Bedrohung

Check Point kommentiert die Maßnahmen der USA (...)

XZ Utils-Vorfall: Open Source als Software (...)

Identity Management Day

Umfrage des SANS Institutes zielt auf die (...)

Vereinfachung der MSP-Verwaltung für Microsoft (...)

Rosenberger OSI erweitert Portfolio durch (...)

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN
Global Security Mag Copyright 2011