Vigil@nce: libxslt, denial of service via xsltCompilePatternInternal
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open an XML document with
XSLT, in order to stop an application linked to libxslt.
– Severity: 1/4
– Creation date: 12/03/2012
IMPACTED PRODUCTS
– Mandriva Enterprise Server
– Mandriva Linux
– openSUSE
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The libxslt library processes XSLT transformations to be applied
on an XML document.
The XSLT language uses patterns to indicate elements where to
apply transformations. For example: *, a/b, a|b,
SECTION[TITLE="Contents"], etc.
The xsltCompilePatternInternal() function of the libxslt/pattern.c
file compiles these patterns. However, if the pattern opens a
quote, but does not close it, this function continues to read
after the end of the memory area.
An attacker can therefore invite the victim to open an XML
document with XSLT, in order to stop an application linked to
libxslt.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxslt-denial-of-service-via-xsltCompilePatternInternal-11417