CVE-2012-2893
Published 2012-09-26
CVE-2012-2893: Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have…
Priority: P4 · 24 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.48% (70.7th percentile)
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Affected
58 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxslt | < libxslt 1.1.26-14 (bookworm) | libxslt 1.1.26-14 (bookworm) |
| | chrome | <= 22.0.1229.78 | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
| | chrome | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 MEDIUM
vendor_debian · 6.8 MEDIUM
vendor_redhat · 6.8 MEDIUM
vendor_ubuntu · 4.3 MEDIUM
GHSA
GHSA-8rww-q75g-4r2c: Double free vulnerability in libxslt, as used in Google Chrome before 22
ghsa_unreviewed·2022-05-17
CVE-2012-2893 [MEDIUM] GHSA-8rww-q75g-4r2c: Double free vulnerability in libxslt, as used in Google Chrome before 22
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
OSV
CVE-2012-2893: Double free vulnerability in libxslt, as used in Google Chrome before 22
osv·2012-09-26·CVSS 6.8
CVE-2012-2893 [MEDIUM] CVE-2012-2893: Double free vulnerability in libxslt, as used in Google Chrome before 22
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Ubuntu
libxslt vulnerabilities
vendor_ubuntu·2012-10-04·CVSS 4.3
CVE-2011-1202 [MEDIUM] libxslt vulnerabilities
Title: libxslt vulnerabilities
Summary: Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. If a
user or automated system were tricked into processing a specially crafted
XSLT document, a remote attacker could cause libxslt to crash, causing a
denial of service. (CVE-2011-3970)
Nicholas Gregoire discovered that libxs
Red Hat
libxslt: Heap-double-free in xmlFreeNodeList
vendor_redhat·2012-09-25·CVSS 6.8
CVE-2012-2893 [MEDIUM] libxslt: Heap-double-free in xmlFreeNodeList
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Debian
CVE-2012-2893: libxslt - Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229....
vendor_debian·2012·CVSS 6.8
CVE-2012-2893 [MEDIUM] CVE-2012-2893: libxslt - Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229....
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Scope: local
bookworm: resolved (fixed in 1.1.26-14)
bullseye: resolved (fixed in 1.1.26-14)
forky: resolved (fixed in 1.1.26-14)
sid: resolved (fixed in 1.1.26-14)
trixie: resolved (fixed in 1.1.26-14)
No detection rules found.
No public exploits indexed.
References:
http://git.chromium.org/gitweb/?p=chromium.git%3Ba=commit%3Bh=9a5da8e7d4b6f3454614b0331a51bf29c966f556
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
http://secunia.com/advisories/50838
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
https://chromiumcodereview.appspot.com/10919019
https://code.google.com/p/chromium/issues/detail?id=144799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714
https://src.chromium.org/viewvc/chrome?view=rev&revision=154331
Published: 2012-09-26