
REDHAT-BUG-1257962

First published: Fri Aug 28 2015

A vulnerability was found in the function xsltStylePreCompute in preproc.c; the cause is a type confusion leading to DoS. As reported in https://bugzilla.redhat.com/show_bug.cgi?id=1257058 :

"""
Through analysis we get to know that parent->ns->href in line 2250 of preproc.c is an invalid value with our poc. The whole process is as follows:

1> The main function in xsltproc.c will call xmlReadFile to read a .xml file. xmlReadFile will return a xmlDocPtr which points to the xmlDoc. When we print xmlDocPtr->children->parent->ns, its value is 0xffffffff. Obviously, this value is not a correct one.

2> Later in xsltStylePreCompute of preproc.c, the function will see whether current element is 'attribute', if yes, if inst->parent!=NULL and parent->ns!=NULL, then it will call xmlStrEqual, the first parameter is a ptr but its value is 0xffffffff!

3> We went further into libxml and see why this happened. The result is: in SAX2.c +2293 of libxml, we found that the first parameter "ctxt->myDoc" is a xmlDocPtr, but it will be treated as a xmlNodePtr. Obviously, xmlDoc and xmlNode have different structure. This is why "xmlDocPtr->children->parent->ns" gets an invalid value (0xffffffff), this value comes from xmlDoc->compression.
"""
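The layout overlap described in the report, and a node-type check that avoids it, as an added example that is not code from libxslt, libxml2 or the bug report. The `demo_*` structs are simplified stand-ins modelled on the libxml2 layout, every function name is hypothetical, and the type check illustrates the mitigation idea rather than reproducing the upstream patch.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for libxml2's xmlNs, xmlNode and xmlDoc (assumption:
 * only the shared header and the first type-specific field are modelled). */
enum { ELEMENT_NODE = 1, DOCUMENT_NODE = 9 }; /* values of libxml2's xmlElementType */

typedef struct demo_ns { const char *href; } demo_ns;

#define COMMON_HEADER \
    void *_private; int type; const char *name; \
    struct demo_node *children, *last, *parent, *next, *prev; \
    struct demo_doc *doc;

typedef struct demo_node { COMMON_HEADER demo_ns *ns; } demo_node;
typedef struct demo_doc  { COMMON_HEADER int compression; } demo_doc;

/* Returns 1 when the slot read as node->ns is where a document keeps compression. */
int ns_overlaps_compression(void) {
    return offsetof(demo_node, ns) == offsetof(demo_doc, compression);
}

/* Namespace href of inst's parent, or NULL when the parent is not an element.
 * The type test runs before ns is touched, so a document is never read as a node. */
const char *parent_ns_href(const demo_node *inst) {
    const demo_node *parent = inst ? inst->parent : NULL;
    if (parent == NULL || parent->type != ELEMENT_NODE)
        return NULL;
    return parent->ns ? parent->ns->href : NULL;
}

/* Constructed sample: a root element whose parent pointer is the document. */
const char *demo_root_under_document(void) {
    static demo_doc doc;
    static demo_node root;
    doc.type = DOCUMENT_NODE; doc.compression = -1; /* -1 reads back as 0xffffffff */
    root.type = ELEMENT_NODE; root.parent = (demo_node *)&doc;
    return parent_ns_href(&root);
}

/* Constructed sample: an instruction nested in a namespaced element. */
const char *demo_attr_under_element(void) {
    static demo_ns ns = { "http://www.w3.org/1999/XSL/Transform" };
    static demo_node parent, inst;
    parent.type = ELEMENT_NODE; parent.ns = &ns;
    inst.type = ELEMENT_NODE; inst.parent = &parent;
    return parent_ns_href(&inst);
}
```

Without the `type` test, the first sample would hand the bytes of `compression` to the caller as a namespace pointer, which is the invalid value the report observes.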

Affected Software    Affected Version    How to fix
libxslt

Frequently Asked Questions

  • What is the severity of REDHAT-BUG-1257962?

    The severity of REDHAT-BUG-1257962 is categorized as a Denial of Service (DoS) vulnerability due to type confusion in the xsltStylePreCompute function.

  • How do I fix REDHAT-BUG-1257962?

    To fix REDHAT-BUG-1257962, upgrade to the latest version of Libxslt that addresses this vulnerability.

  • Which versions of Libxslt are affected by REDHAT-BUG-1257962?

    All versions of Libxslt prior to the patch release addressing REDHAT-BUG-1257962 are potentially affected.

  • What causes the vulnerability REDHAT-BUG-1257962?

    REDHAT-BUG-1257962 is caused by a type confusion in the xsltStylePreCompute function within preproc.c.

  • Is there a known exploit for REDHAT-BUG-1257962?

    As of now, there are no public exploits reported specifically for REDHAT-BUG-1257962.
