Engine_libxslt

Last modified by Nicolas Gregoire on 2012/07/23 16:53

Introduction

libxslt is a C based XSLT engine developed for the GNOME project.

Supported version

1.0

Command line

$> xsltproc foo.xsl foo.xml

Identification strings

xsl:vendor-urlhttp://xmlsoft.org/XSLT/
xsl:vendorlibxslt
xsl:version1.0

Known parser bugs

CVETitleTicketCreditsMisc
CVE-2012-2825Wild read in XSL handling127417Nicolas GregoireDiff
CVE-2011-3970Out-of-bounds read in libxslt110277Aki Helin of OUSPGDiff

Public repositories:

IconWarning

TODO: Add a page for libxml2

CVETitleTicketCreditsMisc
CVE-2012-2807Integer overflows in libxml129930Jüri AedlaDiff
CVE-2011-3919Heap-buffer-overflow in libxml107128Jüri AedlaDiff
CVE-2011-3102Off-by-one out-of-bounds write in libxml125462Jüri AedlaDiff
CVE-2011-3905Out-of-bounds reads in libxml95465InfernoDiff
CVE-2011-2834Double free in libxml XPath handling93472Yang DingningDiff
CVE-2011-2821Double free in libxml XPath handling89402 (public)Yang DingningDiff1 Diff2
CVE-2011-0216Off-by-one error leading to heap-based buffer overflow in encodingBilly RiosDiff
CVE-2011-1944Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesetsChris EvansDiff Blogpost
CVE-2010-4494Double free in libxml XPath handling63444 (public)Yang DingningDiff1 Diff2
CVE-2010-4008Crash by traversal of XPath axis58731 (public)Bui Quang Minh from BkisDiff1 Diff2

Public repositories:

Special features

  • File creation
  • Cryptographic functions

File creation

Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten. 

NamespaceExtension elementParameterPoC
http://www.w3.org/1999/XSL/Transformdocumenthreflibxslt-xsl-document.xsl
http://www.jclark.com/xtdocumenthreflibxslt-xt-document.xsl
http://exslt.org/commondocumenthreflibxslt-exslt-document.xsl
org.apache.xalan.xslt.extensions.Redirectwritehreflibxslt-xalan-write.xsl
http://icl.com/saxonoutputhreflibxslt-saxon-output.xsl

Note : The first line uses the standard XSLT namespace, which is always available.

Cryptographic functions

IconWarning

TODO