CVE-2012-2870 (retired)

Priority
Description
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89,
does not properly manage memory, which might allow remote attackers to
cause a denial of service (application crash) via a crafted XSLT expression
that is not properly identified during XPath navigation, related to (1) the
xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the
xsltGenerateIdFunction function in libxslt/functions.c.
Notes
 jdstrand> mdeslaur provided the update for libxslt
Assigned-to
chad
More Information

Updated: 2019-03-26 12:02:34 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)