Search CVE reports
1 – 10 of 29 results
CVE-2021-30560
Medium priorityUse after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 affected packages
chromium-browser, libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | Not affected | Not affected | Fixed | Ignored |
libxslt | — | Fixed | Fixed | Fixed | Fixed |
CVE-2019-5815
Medium priorityType confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
2 affected packages
chromium-browser, libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | Not affected | Not affected | Not affected | Not affected |
libxslt | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-18197
Medium priorityIn xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-13118
Low prioritySome fixes available 4 of 5
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-13117
Low prioritySome fixes available 4 of 5
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-11068
Medium prioritylibxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2015-9019
Low priorityIn libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | Ignored | Ignored | Ignored | Ignored |
CVE-2017-2477
Medium priorityAn issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | — | Not affected |
CVE-2017-5029
Medium prioritySome fixes available 13 of 14
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size...
3 affected packages
chromium-browser, libxslt, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | — | Fixed |
libxslt | — | — | — | — | Fixed |
oxide-qt | — | — | — | — | Fixed |
CVE-2016-4738
Medium prioritylibxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | — | Fixed |