Denial of Service in libxslt Affects Various Linux Distributions
CVE-2012-6139

Currently unrated

Key Information:

Vendor: Xmlsoft
Status: Libxslt
Vendor: CVE Published:; 12 April 2013

What is CVE-2012-6139?

libxslt versions prior to 1.1.28 are susceptible to a denial of service that can be triggered by remote attackers. This vulnerability allows an attacker to exploit a NULL pointer dereference caused by either an empty match attribute in an XSL key or an uninitialized variable in specific functions. This can lead to application crashes, disrupting service and availability.

References

http://www.ubuntu.com/usn/USN-1784-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/52884

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/52813

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2013
Vulnerability Reserved
Dec 6, 2012

Xmlsoft

What is CVE-2012-6139?

References

Timeline