Vigil@nce: libxslt, double memory free via xmlFreeNodeList
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use malicious XSLT data, in order to stop
applications linked to libxslt, and possibly to execute code.
– Impacted products: Debian, Fedora, MES, Mandriva Linux, openSUSE,
– RHEL, Unix (platform)
– Severity: 2/4
– Creation date: 08/10/2012
DESCRIPTION OF THE VULNERABILITY
The libxslt library processes XSLT transformations to be applied
on an XML document.
The xsltAttrTemplateProcess() and xsltAttrListTemplateProcess()
functions of the libxslt/templates.c file can be used to process
attributes on a template. However, if the attribute value is
member of a dictionary, this value is freed twice by the
xmlFreeNodeList() function.
An attacker can therefore use malicious XSLT data, in order to
stop applications linked to libxslt, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libxslt-double-memory-free-via-xmlFreeNodeList-12002