Introduction
libxslt is a C based XSLT engine developed for the GNOME project.
Supported version
1.0
Command line
$> xsltproc foo.xsl foo.xml
Identification strings
xsl:vendor-url | http://xmlsoft.org/XSLT/ |
---|
xsl:vendor | libxslt |
---|
xsl:version | 1.0 |
---|
Known parser bugs
CVE | Title | Ticket | Credits | Misc |
---|
CVE-2012-2825 | Wild read in XSL handling | 127417 | Nicolas Gregoire | Diff |
CVE-2011-3970 | Out-of-bounds read in libxslt | 110277 | Aki Helin of OUSPG | Diff |
TODO: Add a page for libxml2
CVE | Title | Ticket | Credits | Misc |
---|
CVE-2012-2807 | Integer overflows in libxml | 129930 | Jüri Aedla | Diff |
CVE-2011-3119 | Heap-buffer-overflow in libxml | 107128 | Jüri Aedla | Diff |
CVE-2011-3102 | Off-by-one out-of-bounds write in libxml | 125462 | Jüri Aedla | Diff |
CVE-2011-3905 | Out-of-bounds reads in libxml | 95465 | Google Chrome Security Team (Inferno) |
CVE-2011-2834 | Double free in libxml XPath handling | 93472 | Yang Dingning from NCNIPC |
CVE-2011-2821 | Double free in libxml XPath handling | 89402 | Yang Dingning from NCNIPC |
Special features
- File creation
- Cryptographic functions
File creation
Several functions, associated at different namespaces, allow to create files on the engine side. They're all aliases to the xsltDocumentElem() function defined in libxslt/transform.c. The content written to the file must be valid UTF-8 (so plain ASCII works too). Existing files can be overwritten.
Note : The first line uses the standard XSLT namespace, which is always available.
Cryptographic functions