CVE-2017-5029: Integer Overflow
First published: Mon Mar 27 2017(Updated: )
libxslt. Multiple memory corruption issues were addressed through improved memory handling.
Credit: Holger Fuhrmannek cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <10.3 | 10.3 |
| Google Chrome | <=57.0.2987.75 | |
| Apple iOS and macOS | ||
| Linux Kernel | ||
| Microsoft Windows | ||
| Google Chrome | <=57.0.2987.100 | |
| Android | ||
| libxslt | =1.1.29 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux workstation | =6.0 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT207617 (Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://www.securitytracker.com/id/1038157
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://crbug.com/676623
- https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-2397
- CVE-2017-2430
- CVE-2017-2462
- CVE-2017-2379
- CVE-2017-2417
- CVE-2017-2444
- CVE-2017-2435
- CVE-2017-2450
- CVE-2017-2461
- CVE-2017-2414
- CVE-2017-2487
- CVE-2017-2406
- CVE-2017-2407
- CVE-2017-2439
- CVE-2017-2434
- CVE-2017-2428
- CVE-2017-2416
- CVE-2017-2432
- CVE-2017-2467
- CVE-2016-3619
- CVE-2017-2412
- CVE-2017-2491
- CVE-2017-2492
- CVE-2017-2398
- CVE-2017-2401
- CVE-2017-2440
- CVE-2017-2456
- CVE-2017-2472
- CVE-2017-2473
- CVE-2017-2474
- CVE-2017-2478
- CVE-2017-2482
- CVE-2017-2483
- CVE-2017-2490
- CVE-2017-2458
- CVE-2017-2448
- CVE-2017-2390
- CVE-2017-2441
- CVE-2017-5029
- CVE-2017-2399
- CVE-2017-2484
- CVE-2017-2380
- CVE-2017-2404
- CVE-2017-2376
- CVE-2017-2384
- CVE-2017-2389
- CVE-2017-2453
- CVE-2017-2393
- CVE-2017-2400
- CVE-2017-6976
- CVE-2017-2423
- CVE-2017-2451
- CVE-2017-2485
- CVE-2017-2452
- CVE-2017-2378
- CVE-2017-2486
- CVE-2017-2386
- CVE-2017-2394
- CVE-2017-2396
- CVE-2016-9642
- CVE-2017-2395
- CVE-2017-2454
- CVE-2017-2455
- CVE-2017-2457
- CVE-2017-2459
- CVE-2017-2460
- CVE-2017-2464
- CVE-2017-2465
- CVE-2017-2466
- CVE-2017-2468
- CVE-2017-2469
- CVE-2017-2470
- CVE-2017-2476
- CVE-2017-2481
- CVE-2017-2415
- CVE-2017-2419
- CVE-2016-9643
- CVE-2017-2424
- CVE-2017-2433
- CVE-2017-2364
- CVE-2017-2367
- CVE-2017-2445
- CVE-2017-2446
- CVE-2017-2447
- CVE-2017-2463
- CVE-2017-2471
- CVE-2017-2475
- CVE-2017-2479
- CVE-2017-2480
- CVE-2017-2493
- CVE-2017-2442
- CVE-2017-2377
- CVE-2017-2405
Frequently Asked Questions
What is the severity of CVE-2017-5029?
CVE-2017-5029 has a moderate severity rating due to potential memory corruption issues in libxslt.
How do I fix CVE-2017-5029?
To fix CVE-2017-5029, update to libxslt version 1.1.30 or later.
Which versions of Google Chrome are affected by CVE-2017-5029?
Google Chrome versions up to and including 57.0.2987.98 for Mac, Windows, and Linux, and 57.0.2987.108 for Android are affected by CVE-2017-5029.
Is CVE-2017-5029 applicable to macOS?
CVE-2017-5029 does not affect macOS, as the vulnerability pertains specifically to Google Chrome and libxslt.
What software uses libxslt that is affected by CVE-2017-5029?
Libxslt version 1.1.29 is affected by CVE-2017-5029, which may be used in software such as Google Chrome.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/weakness
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple ios, ipados, and watchos
- vendor/google
- canonical/google chrome
- version/google chrome/57.0.2987.75
- canonical/apple ios and macos
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows
- version/google chrome/57.0.2987.100
- canonical/android
- vendor/xmlsoft
- canonical/libxslt
- version/libxslt/1.1.29
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0