Changes for page Engine_libxslt
on 2012/07/23 16:36
on 2012/07/23 16:39
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -21,12 +21,22 @@ 21 21 22 22 = Known parser bugs = 23 23 24 +|=CVE|=Title|=Ticket|=Credits 25 +|CVE-2012-2825|Wild read in XSL handling|https://code.google.com/p/chromium/issues/detail?id=127417|Nicolas Gregoire 26 +|http:~/~/www.w3.org/1999/XSL/Transform|document|href|[[libxslt-xsl-document.xsl>>attach:libxslt-xsl-document.xsl]]\\ 27 +|http:~/~/www.jclark.com/xt|document|href|[[libxslt-xt-document.xsl>>attach:libxslt-xt-document.xsl]]\\ 28 +|http:~/~/exslt.org/common|document|href|[[libxslt-exslt-document.xsl>>attach:libxslt-exslt-document.xsl]]\\ 29 +|org.apache.xalan.xslt.extensions.Redirect|write|href|[[libxslt-xalan-write.xsl>>attach:libxslt-xalan-write.xsl]]\\ 30 +|http:~/~/icl.com/saxon|output|href|[[libxslt-saxon-output.xsl>>attach:libxslt-saxon-output.xsl]]\\ 31 + 24 24 * Wild read CVE-2012-2825 25 25 * Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire. 26 26 * [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. 27 27 28 28 {{warning}} 29 -TODO: Add a page for libxml2 itself (CVE-2012-2807) 37 +TODO: Add a page for libxml2 38 +{{/warning}} 39 + 30 30 [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla. 31 31 [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla. 32 32 [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla. ... ... @@ -33,8 +33,14 @@ 33 33 [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno) 34 34 [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. 35 35 [89402] High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. 36 -{{/warning}} 37 37 47 +|=Namespace|=Extension element|=Parameter|=PoC 48 +|http:~/~/www.w3.org/1999/XSL/Transform|document|href|[[libxslt-xsl-document.xsl>>attach:libxslt-xsl-document.xsl]]\\ 49 +|http:~/~/www.jclark.com/xt|document|href|[[libxslt-xt-document.xsl>>attach:libxslt-xt-document.xsl]]\\ 50 +|http:~/~/exslt.org/common|document|href|[[libxslt-exslt-document.xsl>>attach:libxslt-exslt-document.xsl]]\\ 51 +|org.apache.xalan.xslt.extensions.Redirect|write|href|[[libxslt-xalan-write.xsl>>attach:libxslt-xalan-write.xsl]]\\ 52 +|http:~/~/icl.com/saxon|output|href|[[libxslt-saxon-output.xsl>>attach:libxslt-saxon-output.xsl]]\\ 53 + 38 38 = Special features = 39 39 40 40 * File creation