Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4520

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Published

2013-12-14T20:55:03.407

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xmlsoft	libxslt	≤ 1.1.24	Yes
Application	xmlsoft	libxslt	0.0.1	Yes
Application	xmlsoft	libxslt	0.1.0	Yes
Application	xmlsoft	libxslt	0.2.0	Yes
Application	xmlsoft	libxslt	0.3.0	Yes
Application	xmlsoft	libxslt	0.4.0	Yes
Application	xmlsoft	libxslt	0.5.0	Yes
Application	xmlsoft	libxslt	0.6.0	Yes
Application	xmlsoft	libxslt	0.7.0	Yes
Application	xmlsoft	libxslt	0.8.0	Yes
Application	xmlsoft	libxslt	0.9.0	Yes
Application	xmlsoft	libxslt	0.10.0	Yes
Application	xmlsoft	libxslt	0.11.0	Yes
Application	xmlsoft	libxslt	0.12.0	Yes
Application	xmlsoft	libxslt	0.13.0	Yes
Application	xmlsoft	libxslt	0.14.0	Yes
Application	xmlsoft	libxslt	1.0.0	Yes
Application	xmlsoft	libxslt	1.0.1	Yes
Application	xmlsoft	libxslt	1.0.2	Yes
Application	xmlsoft	libxslt	1.0.3	Yes
Application	xmlsoft	libxslt	1.0.4	Yes
Application	xmlsoft	libxslt	1.0.5	Yes
Application	xmlsoft	libxslt	1.0.6	Yes
Application	xmlsoft	libxslt	1.0.7	Yes
Application	xmlsoft	libxslt	1.0.8	Yes
Application	xmlsoft	libxslt	1.0.9	Yes
Application	xmlsoft	libxslt	1.0.10	Yes
Application	xmlsoft	libxslt	1.0.11	Yes
Application	xmlsoft	libxslt	1.0.12	Yes
Application	xmlsoft	libxslt	1.0.13	Yes
Application	xmlsoft	libxslt	1.0.14	Yes
Application	xmlsoft	libxslt	1.0.15	Yes
Application	xmlsoft	libxslt	1.0.16	Yes
Application	xmlsoft	libxslt	1.0.17	Yes
Application	xmlsoft	libxslt	1.0.18	Yes
Application	xmlsoft	libxslt	1.0.19	Yes
Application	xmlsoft	libxslt	1.0.20	Yes
Application	xmlsoft	libxslt	1.0.21	Yes
Application	xmlsoft	libxslt	1.0.22	Yes
Application	xmlsoft	libxslt	1.0.23	Yes
Application	xmlsoft	libxslt	1.0.24	Yes
Application	xmlsoft	libxslt	1.0.25	Yes
Application	xmlsoft	libxslt	1.0.26	Yes
Application	xmlsoft	libxslt	1.0.27	Yes
Application	xmlsoft	libxslt	1.0.28	Yes
Application	xmlsoft	libxslt	1.0.29	Yes
Application	xmlsoft	libxslt	1.0.30	Yes
Application	xmlsoft	libxslt	1.0.31	Yes
Application	xmlsoft	libxslt	1.0.32	Yes
Application	xmlsoft	libxslt	1.0.33	Yes
Application	xmlsoft	libxslt	1.1.0	Yes
Application	xmlsoft	libxslt	1.1.1	Yes
Application	xmlsoft	libxslt	1.1.2	Yes
Application	xmlsoft	libxslt	1.1.3	Yes
Application	xmlsoft	libxslt	1.1.4	Yes
Application	xmlsoft	libxslt	1.1.5	Yes
Application	xmlsoft	libxslt	1.1.6	Yes
Application	xmlsoft	libxslt	1.1.7	Yes
Application	xmlsoft	libxslt	1.1.8	Yes
Application	xmlsoft	libxslt	1.1.9	Yes
Application	xmlsoft	libxslt	1.1.10	Yes
Application	xmlsoft	libxslt	1.1.11	Yes
Application	xmlsoft	libxslt	1.1.12	Yes
Application	xmlsoft	libxslt	1.1.13	Yes
Application	xmlsoft	libxslt	1.1.14	Yes
Application	xmlsoft	libxslt	1.1.15	Yes
Application	xmlsoft	libxslt	1.1.16	Yes
Application	xmlsoft	libxslt	1.1.17	Yes
Application	xmlsoft	libxslt	1.1.18	Yes
Application	xmlsoft	libxslt	1.1.19	Yes
Application	xmlsoft	libxslt	1.1.20	Yes
Application	xmlsoft	libxslt	1.1.21	Yes
Application	xmlsoft	libxslt	1.1.22	Yes
Application	xmlsoft	libxslt	1.1.23	Yes

References

http://seclists.org/oss-sec/2013/q4/238 Patch ([email protected])
http://seclists.org/oss-sec/2013/q4/239 Patch ([email protected])
http://secunia.com/advisories/56072 Vendor Advisory ([email protected])
http://www.osvdb.org/99671 ([email protected])
https://bugzilla.novell.com/show_bug.cgi?id=849019 Exploit, Patch ([email protected])
https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa Exploit, Patch ([email protected])
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html ([email protected])
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html ([email protected])
http://seclists.org/oss-sec/2013/q4/238 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/oss-sec/2013/q4/239 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/56072 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/99671 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.novell.com/show_bug.cgi?id=849019 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://gitorious.org/libxslt/libxslt/commit/7089a62b8f133b42a2981cf1f920a8b3fe9a8caa Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html (af854a3a-2127-422b-91ae-364da2661108)