CVE-2012-2893 — Double Free in Libxslt

CWE-3997 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

1.7%

top 17.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxslt Debian Libxslt Google Chrome

Timeline

PublishedSep 26

Latest updateMay 17

Description

Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDgoogle/chrome22.0.1229.78+52

▶debiandebian/libxslt< libxslt 1.1.26-14 (bookworm)

▶Debianxmlsoft/libxslt< 1.1.26-14+3

🔴Vulnerability Details

GHSA

GHSA-8rww-q75g-4r2c: Double free vulnerability in libxslt, as used in Google Chrome before 22↗2022-05-17

▶

OSV

CVE-2012-2893: Double free vulnerability in libxslt, as used in Google Chrome before 22↗2012-09-26

▶

📋Vendor Advisories

Ubuntu

libxslt vulnerabilities↗2012-10-04

▶

Red Hat

libxslt: Heap-double-free in xmlFreeNodeList↗2012-09-25

▶

Debian

CVE-2012-2893: libxslt - Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229....↗2012

▶

💬Community

Bugzilla

CVE-2012-2893 libxslt: Heap-double-free in xmlFreeNodeList↗2012-09-26

▶