CVE-2008-1767

Properties

Published:
22.05.2008
Updated:
28.05.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
redhat: desktop
redhat: enterprise_linux

Vulnerability description

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

References:

http://bugzilla.gnome.org/show_bug.cgi?id=527297
REDHAT: http://www.redhat.com/support/errata/RHSA-2008-0287.html
BID: http://www.securityfocus.com/bid/29312
FRSIRT: http://www.frsirt.com/english/advisories/2008/1580/references
SECTRACK: http://www.securitytracker.com/id?1020071
SECUNIA: http://secunia.com/advisories/30315
SECUNIA: http://secunia.com/advisories/30323
XF: http://xforce.iss.net/xforce/xfdb/42560