CVE-2013-4520

6 documents6 sources
Severity
4.3MEDIUM
EPSS
1.4%
top 19.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xmlsoft Libxslt
Timeline
PublishedDec 14
Latest updateMay 17

Description

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDxmlsoft/libxslt1.1.24+73

Patches

Patch: seclists.orgPatch: seclists.orgPatch: bugzilla.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-762m-frp4-phf3: xslt2022-05-17
CVEList
CVE-2013-4520: xslt2013-12-14

📋Vendor Advisories

2
Debian
CVE-2013-4520: libxslt - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a de...2013
Red Hat
libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.252009-09-16

💬Community

1
Bugzilla
CVE-2013-4520 libxslt: DoS when reading unexpected DTD nodes in XSLT in versions prior to 1.1.252013-11-06
CVE-2013-4520 (MEDIUM CVSS 4.3) | xslt.c in libxslt before 1.1.25 all | cvebase.io