CVE-2012-6139

EUVD-2012-6000
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
xmlsoftlibxslt
𝑥
≤ 1.1.27
xmlsoftlibxslt
0.0.1
xmlsoftlibxslt
0.1.0
xmlsoftlibxslt
0.2.0
xmlsoftlibxslt
0.3.0
xmlsoftlibxslt
0.4.0
xmlsoftlibxslt
0.5.0
xmlsoftlibxslt
0.6.0
xmlsoftlibxslt
0.7.0
xmlsoftlibxslt
0.8.0
xmlsoftlibxslt
0.9.0
xmlsoftlibxslt
0.10.0
xmlsoftlibxslt
0.11.0
xmlsoftlibxslt
0.12.0
xmlsoftlibxslt
0.13.0
xmlsoftlibxslt
0.14.0
xmlsoftlibxslt
1.0.0
xmlsoftlibxslt
1.0.1
xmlsoftlibxslt
1.0.2
xmlsoftlibxslt
1.0.3
xmlsoftlibxslt
1.0.4
xmlsoftlibxslt
1.0.5
xmlsoftlibxslt
1.0.6
xmlsoftlibxslt
1.0.7
xmlsoftlibxslt
1.0.8
xmlsoftlibxslt
1.0.9
xmlsoftlibxslt
1.0.10
xmlsoftlibxslt
1.0.11
xmlsoftlibxslt
1.0.12
xmlsoftlibxslt
1.0.13
xmlsoftlibxslt
1.0.14
xmlsoftlibxslt
1.0.15
xmlsoftlibxslt
1.0.16
xmlsoftlibxslt
1.0.17
xmlsoftlibxslt
1.0.18
xmlsoftlibxslt
1.0.19
xmlsoftlibxslt
1.0.20
xmlsoftlibxslt
1.0.21
xmlsoftlibxslt
1.0.22
xmlsoftlibxslt
1.0.23
xmlsoftlibxslt
1.0.24
xmlsoftlibxslt
1.0.25
xmlsoftlibxslt
1.0.26
xmlsoftlibxslt
1.0.27
xmlsoftlibxslt
1.0.28
xmlsoftlibxslt
1.0.29
xmlsoftlibxslt
1.0.30
xmlsoftlibxslt
1.0.31
xmlsoftlibxslt
1.0.32
xmlsoftlibxslt
1.0.33
xmlsoftlibxslt
1.1.0
xmlsoftlibxslt
1.1.1
xmlsoftlibxslt
1.1.2
xmlsoftlibxslt
1.1.3
xmlsoftlibxslt
1.1.4
xmlsoftlibxslt
1.1.5
xmlsoftlibxslt
1.1.6
xmlsoftlibxslt
1.1.7
xmlsoftlibxslt
1.1.8
xmlsoftlibxslt
1.1.9
xmlsoftlibxslt
1.1.10
xmlsoftlibxslt
1.1.11
xmlsoftlibxslt
1.1.12
xmlsoftlibxslt
1.1.13
xmlsoftlibxslt
1.1.14
xmlsoftlibxslt
1.1.15
xmlsoftlibxslt
1.1.16
xmlsoftlibxslt
1.1.17
xmlsoftlibxslt
1.1.18
xmlsoftlibxslt
1.1.19
xmlsoftlibxslt
1.1.20
xmlsoftlibxslt
1.1.21
xmlsoftlibxslt
1.1.22
xmlsoftlibxslt
1.1.23
xmlsoftlibxslt
1.1.24
xmlsoftlibxslt
1.1.25
xmlsoftlibxslt
1.1.26
opensuseopensuse
11.4
opensuseopensuse
12.1
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxslt
bookworm
1.1.35-1
fixed
bullseye
1.1.34-4+deb11u1
fixed
bullseye (security)
1.1.34-4+deb11u1
fixed
sid
1.1.35-1.1
fixed
trixie
1.1.35-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxslt
hardy
Fixed 1.1.22-1ubuntu1.4
released
lucid
Fixed 1.1.26-1ubuntu1.2
released
oneiric
Fixed 1.1.26-7ubuntu0.2
released
precise
Fixed 1.1.26-8ubuntu1.3
released
quantal
Fixed 1.1.26-14ubuntu0.1
released
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
http://secunia.com/advisories/52745
http://secunia.com/advisories/52805
http://secunia.com/advisories/52813
http://secunia.com/advisories/52884
http://www.debian.org/security/2013/dsa-2654
http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
http://www.securitytracker.com/id/1028338
http://www.ubuntu.com/usn/USN-1784-1
http://xmlsoft.org/XSLT/news.html
https://bugzilla.gnome.org/show_bug.cgi?id=685328
https://bugzilla.gnome.org/show_bug.cgi?id=685330
https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
http://secunia.com/advisories/52745
http://secunia.com/advisories/52805
http://secunia.com/advisories/52813
http://secunia.com/advisories/52884
http://www.debian.org/security/2013/dsa-2654
http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
http://www.securitytracker.com/id/1028338
http://www.ubuntu.com/usn/USN-1784-1
http://xmlsoft.org/XSLT/news.html
https://bugzilla.gnome.org/show_bug.cgi?id=685328
https://bugzilla.gnome.org/show_bug.cgi?id=685330
https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html