Xmlsoft Libxslt vulnerabilities
24 known vulnerabilities affecting xmlsoft/libxslt.
Total CVEs: 24
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 9, MEDIUM 10
Vulnerabilities
Page 2 of 2
CVE-2012-2870 | MEDIUM | CVSS 4.3 | CWE-399 | ≤ 1.1.26, v1.1.8, +16 more | 2012-08-31
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/patte
nvd
CVE-2011-3970 | MEDIUM | CVSS 4.3 | CWE-125 | ≤ 1.1.26 | 2012-02-09
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-1202 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 1.1.26 | 2011-03-11
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
nvd
CVE-2008-2935 | HIGH | CVSS 7.5 | PoC | CWE-119 | v1.1.8, v1.1.9, +15 more | 2008-08-01
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
nvd