libxslt
Page content
- Vulnerable: 1.1.22-2kalgan1
- Unaffected: 1.1.22-2kalgan2
Chris Evans has reported some vulnerabilities in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to boundary errors within crypto.c when handling the XSLT “crypto:rc4_encrypt” and “crypto:rc4_decrypt” functions. This can be exploited to cause a heap-based buffer overflow via a specially crafted stylesheet.
- Bug Tracker URL: http://bugs.frugalware.org/task/3285