CVE-2012-6139: Null Pointer Dereference
First published: Fri Apr 12 2013(Updated: )
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xmlsoft Libxslt | <=1.1.27 | |
| Xmlsoft Libxslt | =0.0.1 | |
| Xmlsoft Libxslt | =0.1.0 | |
| Xmlsoft Libxslt | =0.2.0 | |
| Xmlsoft Libxslt | =0.3.0 | |
| Xmlsoft Libxslt | =0.4.0 | |
| Xmlsoft Libxslt | =0.5.0 | |
| Xmlsoft Libxslt | =0.6.0 | |
| Xmlsoft Libxslt | =0.7.0 | |
| Xmlsoft Libxslt | =0.8.0 | |
| Xmlsoft Libxslt | =0.9.0 | |
| Xmlsoft Libxslt | =0.10.0 | |
| Xmlsoft Libxslt | =0.11.0 | |
| Xmlsoft Libxslt | =0.12.0 | |
| Xmlsoft Libxslt | =0.13.0 | |
| Xmlsoft Libxslt | =0.14.0 | |
| Xmlsoft Libxslt | =1.0.0 | |
| Xmlsoft Libxslt | =1.0.1 | |
| Xmlsoft Libxslt | =1.0.2 | |
| Xmlsoft Libxslt | =1.0.3 | |
| Xmlsoft Libxslt | =1.0.4 | |
| Xmlsoft Libxslt | =1.0.5 | |
| Xmlsoft Libxslt | =1.0.6 | |
| Xmlsoft Libxslt | =1.0.7 | |
| Xmlsoft Libxslt | =1.0.8 | |
| Xmlsoft Libxslt | =1.0.9 | |
| Xmlsoft Libxslt | =1.0.10 | |
| Xmlsoft Libxslt | =1.0.11 | |
| Xmlsoft Libxslt | =1.0.12 | |
| Xmlsoft Libxslt | =1.0.13 | |
| Xmlsoft Libxslt | =1.0.14 | |
| Xmlsoft Libxslt | =1.0.15 | |
| Xmlsoft Libxslt | =1.0.16 | |
| Xmlsoft Libxslt | =1.0.17 | |
| Xmlsoft Libxslt | =1.0.18 | |
| Xmlsoft Libxslt | =1.0.19 | |
| Xmlsoft Libxslt | =1.0.20 | |
| Xmlsoft Libxslt | =1.0.21 | |
| Xmlsoft Libxslt | =1.0.22 | |
| Xmlsoft Libxslt | =1.0.23 | |
| Xmlsoft Libxslt | =1.0.24 | |
| Xmlsoft Libxslt | =1.0.25 | |
| Xmlsoft Libxslt | =1.0.26 | |
| Xmlsoft Libxslt | =1.0.27 | |
| Xmlsoft Libxslt | =1.0.28 | |
| Xmlsoft Libxslt | =1.0.29 | |
| Xmlsoft Libxslt | =1.0.30 | |
| Xmlsoft Libxslt | =1.0.31 | |
| Xmlsoft Libxslt | =1.0.32 | |
| Xmlsoft Libxslt | =1.0.33 | |
| Xmlsoft Libxslt | =1.1.0 | |
| Xmlsoft Libxslt | =1.1.1 | |
| Xmlsoft Libxslt | =1.1.2 | |
| Xmlsoft Libxslt | =1.1.3 | |
| Xmlsoft Libxslt | =1.1.4 | |
| Xmlsoft Libxslt | =1.1.5 | |
| Xmlsoft Libxslt | =1.1.6 | |
| Xmlsoft Libxslt | =1.1.7 | |
| Xmlsoft Libxslt | =1.1.8 | |
| Xmlsoft Libxslt | =1.1.9 | |
| Xmlsoft Libxslt | =1.1.10 | |
| Xmlsoft Libxslt | =1.1.11 | |
| Xmlsoft Libxslt | =1.1.12 | |
| Xmlsoft Libxslt | =1.1.13 | |
| Xmlsoft Libxslt | =1.1.14 | |
| Xmlsoft Libxslt | =1.1.15 | |
| Xmlsoft Libxslt | =1.1.16 | |
| Xmlsoft Libxslt | =1.1.17 | |
| Xmlsoft Libxslt | =1.1.18 | |
| Xmlsoft Libxslt | =1.1.19 | |
| Xmlsoft Libxslt | =1.1.20 | |
| Xmlsoft Libxslt | =1.1.21 | |
| Xmlsoft Libxslt | =1.1.22 | |
| Xmlsoft Libxslt | =1.1.23 | |
| Xmlsoft Libxslt | =1.1.24 | |
| Xmlsoft Libxslt | =1.1.25 | |
| Xmlsoft Libxslt | =1.1.26 | |
| openSUSE openSUSE | =11.4 | |
| openSUSE openSUSE | =12.1 | |
| openSUSE openSUSE | =12.2 | |
| openSUSE openSUSE | =12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html
- http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html
- http://secunia.com/advisories/52745
- http://secunia.com/advisories/52805
- http://secunia.com/advisories/52813
- http://secunia.com/advisories/52884
- http://www.debian.org/security/2013/dsa-2654
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:141
- http://www.securitytracker.com/id/1028338
- http://www.ubuntu.com/usn/USN-1784-1
- http://xmlsoft.org/XSLT/news.html
- https://bugzilla.gnome.org/show_bug.cgi?id=685328
- https://bugzilla.gnome.org/show_bug.cgi?id=685330
- https://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
- https://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0107
- https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
- https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/xmlsoft
- canonical/xmlsoft libxslt
- version/xmlsoft libxslt/1.1.27
- version/xmlsoft libxslt/0.0.1
- version/xmlsoft libxslt/0.1.0
- version/xmlsoft libxslt/0.2.0
- version/xmlsoft libxslt/0.3.0
- version/xmlsoft libxslt/0.4.0
- version/xmlsoft libxslt/0.5.0
- version/xmlsoft libxslt/0.6.0
- version/xmlsoft libxslt/0.7.0
- version/xmlsoft libxslt/0.8.0
- version/xmlsoft libxslt/0.9.0
- version/xmlsoft libxslt/0.10.0
- version/xmlsoft libxslt/0.11.0
- version/xmlsoft libxslt/0.12.0
- version/xmlsoft libxslt/0.13.0
- version/xmlsoft libxslt/0.14.0
- version/xmlsoft libxslt/1.0.0
- version/xmlsoft libxslt/1.0.1
- version/xmlsoft libxslt/1.0.2
- version/xmlsoft libxslt/1.0.3
- version/xmlsoft libxslt/1.0.4
- version/xmlsoft libxslt/1.0.5
- version/xmlsoft libxslt/1.0.6
- version/xmlsoft libxslt/1.0.7
- version/xmlsoft libxslt/1.0.8
- version/xmlsoft libxslt/1.0.9
- version/xmlsoft libxslt/1.0.10
- version/xmlsoft libxslt/1.0.11
- version/xmlsoft libxslt/1.0.12
- version/xmlsoft libxslt/1.0.13
- version/xmlsoft libxslt/1.0.14
- version/xmlsoft libxslt/1.0.15
- version/xmlsoft libxslt/1.0.16
- version/xmlsoft libxslt/1.0.17
- version/xmlsoft libxslt/1.0.18
- version/xmlsoft libxslt/1.0.19
- version/xmlsoft libxslt/1.0.20
- version/xmlsoft libxslt/1.0.21
- version/xmlsoft libxslt/1.0.22
- version/xmlsoft libxslt/1.0.23
- version/xmlsoft libxslt/1.0.24
- version/xmlsoft libxslt/1.0.25
- version/xmlsoft libxslt/1.0.26
- version/xmlsoft libxslt/1.0.27
- version/xmlsoft libxslt/1.0.28
- version/xmlsoft libxslt/1.0.29
- version/xmlsoft libxslt/1.0.30
- version/xmlsoft libxslt/1.0.31
- version/xmlsoft libxslt/1.0.32
- version/xmlsoft libxslt/1.0.33
- version/xmlsoft libxslt/1.1.0
- version/xmlsoft libxslt/1.1.1
- version/xmlsoft libxslt/1.1.2
- version/xmlsoft libxslt/1.1.3
- version/xmlsoft libxslt/1.1.4
- version/xmlsoft libxslt/1.1.5
- version/xmlsoft libxslt/1.1.6
- version/xmlsoft libxslt/1.1.7
- version/xmlsoft libxslt/1.1.8
- version/xmlsoft libxslt/1.1.9
- version/xmlsoft libxslt/1.1.10
- version/xmlsoft libxslt/1.1.11
- version/xmlsoft libxslt/1.1.12
- version/xmlsoft libxslt/1.1.13
- version/xmlsoft libxslt/1.1.14
- version/xmlsoft libxslt/1.1.15
- version/xmlsoft libxslt/1.1.16
- version/xmlsoft libxslt/1.1.17
- version/xmlsoft libxslt/1.1.18
- version/xmlsoft libxslt/1.1.19
- version/xmlsoft libxslt/1.1.20
- version/xmlsoft libxslt/1.1.21
- version/xmlsoft libxslt/1.1.22
- version/xmlsoft libxslt/1.1.23
- version/xmlsoft libxslt/1.1.24
- version/xmlsoft libxslt/1.1.25
- version/xmlsoft libxslt/1.1.26
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/11.4
- version/opensuse opensuse/12.1
- version/opensuse opensuse/12.2
- version/opensuse opensuse/12.3