CVE-2015-7995
published 2015-11-17CVE-2015-7995: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of…
medium5CVSS 3.1
AVNACLAuNCNINAP
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | — | — |
| apple | ios | — | — |
| apple | iphone_os | <= 9.2 | — |
| apple | mac_os_x | <= 10.11.2 | — |
| apple | os_x_el_capitan_10.11.3_and_security_update_2016-001 | — | — |
| apple | tvos | <= 9.1 | — |
| apple | tvos | — | — |
| apple | watchos | <= 2.1 | — |
| apple | watchos | — | — |
| debian | libxslt | < libxslt 1.1.28-2.1 (bookworm) | libxslt 1.1.28-2.1 (bookworm) |
| android | — | — | |
| xmlsoft | libxslt | <= 1.1.28 | — |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1 | 1.1.28-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1 | 1.1.28-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1 | 1.1.28-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1 | 1.1.28-2.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM