Vigil@nce - libxslt: denial of service of xsltDocumentFunction
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious XSL file using document(), and
send it to applications linked to libxslt, in order to stop them.
Impacted products: Debian, openSUSE, Unix (platform)
Severity: 2/4
Creation date: 25/03/2013
DESCRIPTION OF THE VULNERABILITY
The XSLT document() function is used to access to node of an
external XML document.
The xsltDocumentFunction() function of the libxslt/functions.c
file implements XSLT document(). However when the parameter of the
document() function is an uninitialized variable, the
xsltDocumentFunction() function dereferences a NULL pointer.
An attacker can therefore create a malicious XSL file using
document(), and send it to applications linked to libxslt, in
order to stop them.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxslt-denial-of-service-of-xsltDocumentFunction-12565