Engine_libxslt
- Introduction
- Supported version
- Command line
- Identification strings
- Known parser bugs
- Special features
- File creation
- Cryptographic functions
Introduction
libxslt is a C based XSLT engine developed for the GNOME project.
Supported version
1.0
Command line
$> xsltproc foo.xsl foo.xml
Identification strings
xsl:vendor-url | http://xmlsoft.org/XSLT/ |
---|---|
xsl:vendor | libxslt |
xsl:version | 1.0 |
Known parser bugs
CVE | Title | Ticket | Credits | Misc |
---|---|---|---|---|
CVE-2012-2825 | Wild read in XSL handling | 127417 | Nicolas Gregoire | Diff |
CVE-2011-3970 | Out-of-bounds read in libxslt | 110277 | Aki Helin of OUSPG | Diff |
CVE | Title | Ticket | Credits | Misc | ||||
---|---|---|---|---|---|---|---|---|
CVE-2012-2807 | Integer overflows in libxml | 129930 | Jüri Aedla | Diff | ||||
CVE-2011-3919 | Heap-buffer-overflow in libxml | 107128 | Jüri Aedla | Diff | ||||
CVE-2011-3102 | Off-by-one out-of-bounds write in libxml | 125462 | Jüri Aedla | Diff | ||||
CVE-2011-3905 | Out-of-bounds reads in libxml | 95465 | Google Chrome Security Team (Inferno) | |||||
CVE-2011-2834 | Double free in libxml XPath handling | 93472 | Yang Dingning | |||||
CVE-2011-2821 | Double free in libxml XPath handling | 89402 (public) | Yang Dingning | Diff1 Diff2 | ||||
No CVE ? | Double free in libxml XPath handling | 63444 (public) | Yang Dingning | Diff1 Diff2 [CVE-2011-0216 | Off-by-one error leading to heap-based buffer overflow in encoding | |||
CVE-2011-1944 | Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets | |||||||
CVE-2010-4008 | Crash by traversal of XPath axis | Bui Quang Minh from Bkis | ||||||
CVE-2010-4494 | Ddouble-free in XPath processing code |
Special features
- File creation
- Cryptographic functions
File creation
Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
Namespace | Extension element | Parameter | PoC |
---|---|---|---|
http://www.w3.org/1999/XSL/Transform | document | href | |
http://www.jclark.com/xt | document | href | |
http://exslt.org/common | document | href | |
org.apache.xalan.xslt.extensions.Redirect | write | href | |
http://icl.com/saxon | output | href |
Note : The first line uses the standard XSLT namespace, which is always available.