CVE-2013-4520

critical

Description

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

References

https://www.suse.com/support/update/announcement/2013/suse-su-20131656-1.html

https://www.suse.com/support/update/announcement/2013/suse-su-20131654-1.html

http://www.osvdb.org/99671

http://secunia.com/advisories/56072

http://seclists.org/oss-sec/2013/q4/239

http://seclists.org/oss-sec/2013/q4/238

Details

Source: Mitre, NVD

Published: 2013-12-14

Updated: 2013-12-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical