CVE-2013-4520
Published: 2013-12-14
Priority: P4 · 15 · medium · CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 2.36% (81.7th percentile)
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Affected
75 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxslt | — | — |
| xmlsoft | libxslt | <= 1.1.24 | — |
| xmlsoft | libxslt | — | — |
CVSS provenance
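| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |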
Debian
vendor_debian · 2013 · CVSS 5.0
CVE-2013-4520 [MEDIUM] CVE-2013-4520: libxslt - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a de...
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.25
vendor_redhat · 2009-09-16 · CVSS 5.0
CVE-2013-4520 [MEDIUM] libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.25
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Statement: Not vulnerable. This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2012:1265. It did not affect Red Hat Enterprise Linux 6.
Package: libxslt (Red Hat Enterprise Linux 4) - Will not fix
Package: libxslt (Red Hat Enterprise Linux 5) - Not affected
Package: libxslt (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-762m-frp4-phf3: xslt
ghsa_unreviewed · 2022-05-17 · CVSS 5.0
CVE-2013-4520 [MEDIUM] GHSA-762m-frp4-phf3: xslt
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
No detection rules found.
No public exploits indexed.
References
http://seclists.org/oss-sec/2013/q4/238
http://seclists.org/oss-sec/2013/q4/239
http://secunia.com/advisories/56072
http://www.osvdb.org/99671
https://bugzilla.novell.com/show_bug.cgi?id=849019
https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
Published: 2013-12-14