libxslt is a C-based XSLT engine developed for the GNOME project.

Supported version


Command line

$> xsltproc foo.xsl foo.xml

Identification strings


Known parser bugs

CVE-2012-2825 | Wild read in XSL handling | 127417 | Nicolas Gregoire | Diff
CVE-2011-3970 | Out-of-bounds read in libxslt | 110277 | Aki Helin of OUSPG | Diff

Public repositories:

TODO: Add a page for libxml2

CVE-2012-2807 | Integer overflows in libxml | 129930 | Jüri Aedla | Diff
CVE-2011-3919 | Heap-buffer-overflow in libxml | 107128 | Jüri Aedla | Diff
CVE-2011-3102 | Off-by-one out-of-bounds write in libxml | 125462 | Jüri Aedla | Diff
CVE-2011-3905 | Out-of-bounds reads in libxml | 95465 | Inferno | Diff
CVE-2011-2834 | Double free in libxml XPath handling | 93472 | Yang Dingning | Diff
CVE-2011-2821 | Double free in libxml XPath handling | 89402 (public) | Yang Dingning | Diff1 Diff2
CVE-2011-0216 | Off-by-one error leading to heap-based buffer overflow in encoding | | Billy Rios | Diff
CVE-2011-1944 | Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets | | Chris Evans | Diff Blogpost
CVE-2010-4494 | Double free in libxml XPath handling | 63444 (public) | Yang Dingning | Diff1 Diff2
CVE-2010-4008 | Crash by traversal of XPath axis | 58731 (public) | Bui Quang Minh from Bkis | Diff1 Diff2

Public repositories:

Special features

  • File creation
  • Cryptographic functions

File creation

Several functions, bound to different namespaces, allow files to be created on the engine side. They are all aliases for the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.

Namespace | Extension element | Parameter | PoC

Note: The first line uses the standard XSLT namespace, which is always available.
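To check whether a given xsltproc invocation still allows this file creation, the following added example (not part of the original page) runs a constructed stylesheet against a temporary directory and reports whether the file appeared. It assumes the EXSLT element exsl:document as the file-writing element and xsltproc's --nowrite option as the hardening flag; the function name probe_write and all file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): check whether xsltproc lets a
# stylesheet create a file, with and without hardening flags.
# Usage: probe_write [xsltproc flags...]  -> prints written|blocked|unavailable
probe_write() {
    command -v xsltproc >/dev/null 2>&1 || { echo unavailable; return 0; }
    dir=$(mktemp -d) || return 1
    target="$dir/probe.txt"            # constructed, harmless target path
    printf '<doc/>\n' > "$dir/in.xml"  # constructed input document
    # Constructed stylesheet: exsl:document is assumed here as one of the
    # file-writing elements; the shell expands $target into the href value.
    cat > "$dir/write.xsl" <<EOF
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:exsl="http://exslt.org/common"
    extension-element-prefixes="exsl">
  <xsl:template match="/">
    <exsl:document href="$target" method="text">constructed probe</exsl:document>
  </xsl:template>
</xsl:stylesheet>
EOF
    # Exit status differs between outcomes, so judge only by the file itself.
    xsltproc "$@" "$dir/write.xsl" "$dir/in.xml" >/dev/null 2>&1 || true
    if [ -e "$target" ]; then result=written; else result=blocked; fi
    rm -rf "$dir"
    echo "$result"
}

echo "default flags: $(probe_write)"
echo "--nowrite:     $(probe_write --nowrite)"
```

Applications that embed libxslt rather than calling xsltproc can apply the same restriction through the security preferences API, by setting XSLT_SECPREF_WRITE_FILE to xsltSecurityForbid with xsltSetSecurityPrefs().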

Cryptographic functions




Welcome to the XSLT Hacking Encyclopedia!


Content by Nicolas Grégoire / Agarri
Blog - Follow me @Agarri_FR