Denial of Service Risk in libxslt Used by Google Chrome
CVE-2016-1683

7.5 HIGH

Key Information:

Vendor: Xmlsoft

Status
Vendor
CVE Published: 5 June 2016

What is CVE-2016-1683?

libxslt before version 1.1.29, as used in Google Chrome before version 51.0.2704.63, mishandles namespace nodes. A remote attacker can exploit this by sending a crafted document, which may lead to a denial of service through out-of-bounds heap memory access, potentially impacting the stability and availability of affected applications.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved