CVE-2012-2893

EUVD-2012-2873
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 22.0.1229.78
googlechrome
22.0.1229.0
googlechrome
22.0.1229.1
googlechrome
22.0.1229.2
googlechrome
22.0.1229.3
googlechrome
22.0.1229.4
googlechrome
22.0.1229.6
googlechrome
22.0.1229.7
googlechrome
22.0.1229.8
googlechrome
22.0.1229.9
googlechrome
22.0.1229.10
googlechrome
22.0.1229.11
googlechrome
22.0.1229.12
googlechrome
22.0.1229.14
googlechrome
22.0.1229.16
googlechrome
22.0.1229.17
googlechrome
22.0.1229.18
googlechrome
22.0.1229.20
googlechrome
22.0.1229.21
googlechrome
22.0.1229.22
googlechrome
22.0.1229.23
googlechrome
22.0.1229.24
googlechrome
22.0.1229.25
googlechrome
22.0.1229.26
googlechrome
22.0.1229.27
googlechrome
22.0.1229.28
googlechrome
22.0.1229.29
googlechrome
22.0.1229.31
googlechrome
22.0.1229.32
googlechrome
22.0.1229.33
googlechrome
22.0.1229.35
googlechrome
22.0.1229.36
googlechrome
22.0.1229.37
googlechrome
22.0.1229.39
googlechrome
22.0.1229.48
googlechrome
22.0.1229.49
googlechrome
22.0.1229.50
googlechrome
22.0.1229.51
googlechrome
22.0.1229.52
googlechrome
22.0.1229.53
googlechrome
22.0.1229.54
googlechrome
22.0.1229.55
googlechrome
22.0.1229.56
googlechrome
22.0.1229.57
googlechrome
22.0.1229.58
googlechrome
22.0.1229.59
googlechrome
22.0.1229.60
googlechrome
22.0.1229.62
googlechrome
22.0.1229.63
googlechrome
22.0.1229.64
googlechrome
22.0.1229.65
googlechrome
22.0.1229.67
googlechrome
22.0.1229.76
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxslt
bookworm
1.1.35-1
fixed
bullseye
1.1.34-4+deb11u1
fixed
bullseye (security)
1.1.34-4+deb11u1
fixed
sid
1.1.35-1.1
fixed
trixie
1.1.35-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
Fixed 3.0.1271.97-0ubuntu0.10.04.1
released
natty
ignored
oneiric
Fixed 3.0.1271.97-0ubuntu0.11.10.1
released
precise
Fixed 3.0.1271.97-0ubuntu0.12.04.1
released
quantal
Fixed 3.0.1271.97-0ubuntu0.12.10.1
released
libxslt
hardy
Fixed 1.1.22-1ubuntu1.3
released
lucid
Fixed 1.1.26-1ubuntu1.1
released
natty
Fixed 1.1.26-6ubuntu0.1
released
oneiric
Fixed 1.1.26-7ubuntu0.1
released
precise
Fixed 1.1.26-8ubuntu1.2
released
quantal
not-affected
Common Weakness Enumeration
References
http://git.chromium.org/gitweb/?p=chromium.git%3Ba=commit%3Bh=9a5da8e7d4b6f3454614b0331a51bf29c966f556
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
http://secunia.com/advisories/50838
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
https://chromiumcodereview.appspot.com/10919019
https://code.google.com/p/chromium/issues/detail?id=144799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714
https://src.chromium.org/viewvc/chrome?view=rev&revision=154331
http://git.chromium.org/gitweb/?p=chromium.git%3Ba=commit%3Bh=9a5da8e7d4b6f3454614b0331a51bf29c966f556
http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html
http://secunia.com/advisories/50838
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
https://chromiumcodereview.appspot.com/10919019
https://code.google.com/p/chromium/issues/detail?id=144799
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15714
https://src.chromium.org/viewvc/chrome?view=rev&revision=154331