CVE-2012-2870
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.3
Description
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | | |
| macos | 1.0.0 | affected | |
| macos | 1.0.1 | affected | |
| macos | 1.0.2 | affected | |
| macos | 1.1.0 | affected | |
| macos | 1.1.1 | affected | |
| macos | 1.1.2 | affected | |
| macos | 1.1.3 | affected | |
| macos | 1.1.4 | affected | |
| macos | 1.1.5 | affected | |
| macos | 2.0 | affected | |
| macos | 2.0.0 | affected | |
| macos | 2.0.1 | affected | |
| macos | 2.0.2 | affected | |
| macos | 2.1 | affected | |
| macos | 2.1.1 | affected | |
| macos | 2.2 | affected | |
| macos | 2.2.1 | affected | |
| macos | 3.0 | affected | |
| macos | 3.0.1 | affected | |
| macos | 3.1 | affected | |
| macos | 3.1.2 | affected | |
| macos | 3.1.3 | affected | |
| macos | 3.2 | affected | |
| macos | 3.2.1 | affected | |
| macos | 3.2.2 | affected | |
| macos | 4.0 | affected | |
| macos | 4.0.1 | affected | |
| debian | bookworm | fixed | 1.1.26-14 |
| debian | bullseye | fixed | 1.1.26-14 |
| debian | forky | fixed | 1.1.26-14 |
| debian | sid | fixed | 1.1.26-14 |
| debian | trixie | fixed | 1.1.26-14 |
| macos | 4.0.2 | affected | |
| macos | 4.1 | affected | |
| macos | 4.2.1 | affected | |
| macos | 4.2.5 | affected | |
| macos | 4.2.8 | affected | |
| macos | 4.3.0 | affected | |
| macos | 4.3.1 | affected | |
| macos | 4.3.2 | affected | |
| macos | 4.3.3 | affected | |
| macos | 4.3.5 | affected | |
| macos | 5.0 | affected | |
| macos | 5.0.1 | affected | |
| macos | 5.1 | affected | |
| macos | 5.1.1 | affected | |
| macos | 6.0 | affected | |
| macos | 6.0.1 | affected | |
| macos | 6.0.2 | affected | |
| macos | 6.1 | affected | |
| macos | 6.1.2 | affected | |
| macos | 6.1.3 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| chrome | {"endIncluding":"21.0.1180.88"} | | |
| chrome | 21.0.1180.0 | | |
| chrome | 21.0.1180.1 | | |
| chrome | 21.0.1180.2 | | |
| chrome | 21.0.1180.31 | | |
| chrome | 21.0.1180.32 | | |
| chrome | 21.0.1180.33 | | |
| chrome | 21.0.1180.34 | | |
| chrome | 21.0.1180.35 | | |
| chrome | 21.0.1180.36 | | |
| chrome | 21.0.1180.37 | | |
| chrome | 21.0.1180.38 | | |
| chrome | 21.0.1180.39 | | |
| chrome | 21.0.1180.41 | | |
| chrome | 21.0.1180.46 | | |
| chrome | 21.0.1180.47 | | |
| chrome | 21.0.1180.48 | | |
| chrome | 21.0.1180.49 | | |
| chrome | 21.0.1180.50 | | |
| chrome | 21.0.1180.51 | | |
| chrome | 21.0.1180.52 | | |
| chrome | 21.0.1180.53 | | |
| chrome | 21.0.1180.54 | | |
| chrome | 21.0.1180.55 | | |
| chrome | 21.0.1180.56 | | |
| chrome | 21.0.1180.57 | | |
| chrome | 21.0.1180.59 | | |
| chrome | 21.0.1180.60 | | |
| chrome | 21.0.1180.61 | | |
| chrome | 21.0.1180.62 | | |
| chrome | 21.0.1180.63 | | |
| chrome | 21.0.1180.64 | | |
| chrome | 21.0.1180.68 | | |
| chrome | 21.0.1180.69 | | |
| chrome | 21.0.1180.70 | | |
| chrome | 21.0.1180.71 | | |
| chrome | 21.0.1180.72 | | |
| chrome | 21.0.1180.73 | | |
| chrome | 21.0.1180.74 | | |
| chrome | 21.0.1180.75 | | |
| chrome | 21.0.1180.76 | | |
| chrome | 21.0.1180.77 | | |
| chrome | 21.0.1180.78 | | |
| chrome | 21.0.1180.79 | | |
| chrome | 21.0.1180.80 | | |
| chrome | 21.0.1180.81 | | |
| chrome | 21.0.1180.82 | | |
| chrome | 21.0.1180.83 | | |
| chrome | 21.0.1180.84 | | |
| chrome | 21.0.1180.85 | | |
| chrome | 21.0.1180.86 | | |
| chrome | 21.0.1180.87 | | |
| xmlsoft | libxslt | {"endIncluding":"1.1.26"} | |
| xmlsoft | libxslt | 1.1.8 | |
| xmlsoft | libxslt | 1.1.9 | |
| xmlsoft | libxslt | 1.1.10 | |
| xmlsoft | libxslt | 1.1.11 | |
| xmlsoft | libxslt | 1.1.12 | |
| xmlsoft | libxslt | 1.1.13 | |
| xmlsoft | libxslt | 1.1.14 | |
| xmlsoft | libxslt | 1.1.15 | |
| xmlsoft | libxslt | 1.1.16 | |
| xmlsoft | libxslt | 1.1.17 | |
| xmlsoft | libxslt | 1.1.18 | |
| xmlsoft | libxslt | 1.1.19 | |
| xmlsoft | libxslt | 1.1.20 | |
| xmlsoft | libxslt | 1.1.21 | |
| xmlsoft | libxslt | 1.1.22 | |
| xmlsoft | libxslt | 1.1.23 | |
| xmlsoft | libxslt | 1.1.24 | |
References
- http://code.google.com/p/chromium/issues/detail?id=138672
- http://code.google.com/p/chromium/issues/detail?id=140368
- http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
- http://secunia.com/advisories/50838
- http://secunia.com/advisories/54886
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123
- http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log
- http://support.apple.com/kb/HT5934
- http://support.apple.com/kb/HT6001
- http://www.debian.org/security/2012/dsa-2555
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
- https://chromiumcodereview.appspot.com/10823168
- https://chromiumcodereview.appspot.com/10830177
- https://security-tracker.debian.org/tracker/CVE-2012-2870
CWEs
CWE-399
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.