Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2013-4520
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 2.9/10
- Confidentiality Impact
- None
- Availability Impact
- Partial
- Integrity Impact
- None
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.27:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.6.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.31:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.5.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.30:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.14.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.26:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.4.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.10.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.7.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.32:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.29:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.13.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.12.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.25:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.2.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.8.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.9.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.11.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.28:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.1.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:0.3.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.33:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://secunia.com/advisories/56072
- https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html
- https://bugzilla.novell.com/show_bug.cgi?id=849019
- http://www.osvdb.org/99671
- https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html
- http://seclists.org/oss-sec/2013/q4/238
- https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa
- http://seclists.org/oss-sec/2013/q4/239