CVE-2012-2871

CWE-122 — Heap-based Buffer Overflow10 documents9 sources

Severity

6.8MEDIUM

EPSS

0.8%

top 26.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Google Chrome Xmlsoft Libxml2

Timeline

PublishedAug 31

Latest updateMay 17

Description

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶NVDgoogle/chrome21.0.1180.88+51

▶NVDxmlsoft/libxml22.9.0

▶Debianlibxslt< 1.1.26-14+3

▶NVDapple/iphone_os6.1.4+47

🔴Vulnerability Details

GHSA

GHSA-259f-5jp2-pgmr: libxml2 2↗2022-05-17

▶

OSV

CVE-2012-2871: libxml2 2↗2012-08-31

▶

CVEList

CVE-2012-2871: libxml2 2↗2012-08-31

▶

💥Exploits & PoCs

Exploit-DB

MYREphp Vacation Rental Software - Multiple Vulnerabilities↗2012-11-14

▶

📋Vendor Advisories

Ubuntu

libxslt vulnerabilities↗2012-10-04

▶

Red Hat

libxslt: Heap-buffer overflow caused by bad cast in XSL transforms↗2012-08-31

▶

Debian

CVE-2012-2871: libxslt - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, doe...↗2012

▶

💬Community

Bugzilla

CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms↗2012-08-30

▶

Bugzilla

CVE-2012-2825 CVE-2012-2871 CVE-2012-2870 libxslt various flaws [fedora-all]↗2012-06-27

▶