CVE-2012-6139

11 documents8 sources

Severity

5.0MEDIUM

EPSS

10.8%

top 6.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxslt Opensuse Opensuse

Timeline

PublishedApr 12

Latest updateMay 14

Description

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianlibxslt< 1.1.26-14.1+3

▶NVDxmlsoft/libxslt1.1.27+76

▶NVDopensuse/opensuse4 versions+3

Patches

Patch: bugzilla.gnome.org ↗Patch: bugzilla.gnome.org ↗Patch: git.gnome.org ↗

🔴Vulnerability Details

GHSA

GHSA-jg9f-36wv-mjmx: libxslt before 1↗2022-05-14

▶

OSV

CVE-2012-6139: libxslt before 1↗2013-04-12

▶

CVEList

CVE-2012-6139: libxslt before 1↗2013-04-12

▶

📋Vendor Advisories

Ubuntu

libxslt vulnerability↗2013-04-02

▶

Red Hat

libxslt: two DoS issues fixed in 1.1.28↗2012-10-02

▶

Debian

CVE-2012-6139: libxslt - libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL...↗2012

▶

💬Community

Bugzilla

CVE-2012-6139 libxslt: two DoS issues fixed in 1.1.28 [fedora-all]↗2013-03-26

▶

Bugzilla

CVE-2012-6139 libxslt: two DoS issues fixed in 1.1.28 [fedora-all]↗2013-03-26

▶

Bugzilla

libxslt: crash when passing an uninitialized variable to document()↗2013-03-25

▶

Bugzilla

CVE-2012-6139 libxslt: two DoS issues fixed in 1.1.28↗2013-03-25

▶