Required CVE Record Information
Description
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
References 22 Total
- debian.org: DSA-3605 vendor-advisory
- https://support.apple.com/HT206168
- https://support.apple.com/HT205731
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://support.apple.com/HT205729
- openwall.com: [oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS mailing-list
- openwall.com: [oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS mailing-list
- lists.apple.com: APPLE-SA-2016-01-25-1 vendor-advisory
- securitytracker.com: 1034736 vdb-entry
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- lists.apple.com: APPLE-SA-2016-01-19-2 vendor-advisory
- lists.apple.com: APPLE-SA-2016-03-21-2 vendor-advisory
- https://puppet.com/security/cve/cve-2015-7995
- lists.apple.com: APPLE-SA-2016-01-19-1 vendor-advisory
- https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
- securityfocus.com: 77325 vdb-entry
- lists.opensuse.org: openSUSE-SU-2016:1439 vendor-advisory
- slackware.com: SSA:2016-148-02 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- https://support.apple.com/HT205732
- https://bugzilla.redhat.com/show_bug.cgi?id=1257962
- securitytracker.com: 1038623 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 22 Total
- debian.org: DSA-3605 vendor-advisoryx_transferred
- https://support.apple.com/HT206168 x_transferred
- https://support.apple.com/HT205731 x_transferred
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017 x_transferred
- https://support.apple.com/HT205729 x_transferred
- openwall.com: [oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS mailing-listx_transferred
- openwall.com: [oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS mailing-listx_transferred
- lists.apple.com: APPLE-SA-2016-01-25-1 vendor-advisoryx_transferred
- securitytracker.com: 1034736 vdb-entryx_transferred
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 x_transferred
- lists.apple.com: APPLE-SA-2016-01-19-2 vendor-advisoryx_transferred
- lists.apple.com: APPLE-SA-2016-03-21-2 vendor-advisoryx_transferred
- https://puppet.com/security/cve/cve-2015-7995 x_transferred
- lists.apple.com: APPLE-SA-2016-01-19-1 vendor-advisoryx_transferred
- https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 x_transferred
- securityfocus.com: 77325 vdb-entryx_transferred
- lists.opensuse.org: openSUSE-SU-2016:1439 vendor-advisoryx_transferred
- slackware.com: SSA:2016-148-02 vendor-advisoryx_transferred
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html x_transferred
- https://support.apple.com/HT205732 x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=1257962 x_transferred
- securitytracker.com: 1038623 vdb-entryx_transferred