The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CPENameOperatorVersion
libxslteq1.1.29-rc2
libxslteqLIBXSLT_1_0_20
libxslteqLIBXSLT_1_1_15
libxslteqLIBXSLT_1_1_16
libxslteqLIBXSLT_1_1_10
libxslteq1.1.28-r2
libxslteqLIBXSLT_1_1_0
libxslteqLIBXSLT_1_1_4
libxslteqLIBXSLT_1_0_29
libxslteq1.1.28

Name	Operator	Version
libxslt	eq	1.1.29-rc2
libxslt	eq	LIBXSLT_1_0_20
libxslt	eq	LIBXSLT_1_1_15
libxslt	eq	LIBXSLT_1_1_16
libxslt	eq	LIBXSLT_1_1_10
libxslt	eq	1.1.28-r2
libxslt	eq	LIBXSLT_1_1_0
libxslt	eq	LIBXSLT_1_1_4
libxslt	eq	LIBXSLT_1_0_29
libxslt	eq	1.1.28

Rows per page:

1-10 of 961

References

rhn.redhat.com/errata/RHSA-2017-0499.html

www.debian.org/security/2017/dsa-3810

www.securityfocus.com/bid/96767

www.securitytracker.com/id/1038157

chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

crbug.com/676623

git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

nessus 43

openvas 33

ubuntucve 2

cve 2

archlinux 3

debiancve 2

freebsd 3

slackware 1

prion 2

mageia 3

cvelist 2

nvd 2

ibm 1

osv 9

debian 6

redhatcve 1

github 1

alpinelinux 1

ubuntu 2

gentoo 1

rubygems 2

photon 2

apple 22

rosalinux 1

suse 2

redhat 1

chrome 1

fedora 3

tenable 1

androidsecurity 1

nessus

SUSE SLES11 Security Update : libxslt (SUSE-SU-2017:1282-1)

2017-05-16 00:00:00

SUSE SLED12 / SLES12 Security Update : libxslt (SUSE-SU-2017:1313-1)

2017-05-17 00:00:00

openSUSE Security Update : libxslt (openSUSE-2017-609)

2017-05-24 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2017:1313-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2017:1282-1)

2021-06-09 00:00:00

Mageia: Security Advisory (MGASA-2015-0432)

2015-11-08 00:00:00

ubuntucve

CVE-2015-7995

2015-11-17 00:00:00

CVE-2017-5029

2017-03-10 00:00:00

cve

CVE-2015-7995

2015-11-17 15:59:16

CVE-2017-5029

2017-04-24 23:59:00

archlinux

libxslt: denial of service

2016-01-13 00:00:00

[ASA-201703-5] libxslt: arbitrary code execution

2017-03-12 00:00:00

[ASA-201703-4] chromium: multiple issues

2017-03-11 00:00:00

debiancve

CVE-2015-7995

2015-11-17 15:59:16

CVE-2017-5029

2017-04-24 23:59:00

freebsd

libxslt -- DoS vulnerability due to type confusing error

2015-10-29 00:00:00

GitLab -- multiple vulnerabilities

2017-09-07 00:00:00

chromium -- multiple vulnerabilities

2017-03-09 00:00:00

slackware

[slackware-security] libxslt

2016-05-27 23:33:32

prion

Type confusion

2015-11-17 15:59:00

Integer overflow

2017-04-24 23:59:00

mageia

Updated libxslt packages fix security vulnerability

2015-11-06 01:46:03

Updated libxslt packages fix security vulnerability

2017-05-02 09:37:59

Updated chromium-browser-stable packages fix security vulnerability

2017-04-21 10:24:22

cvelist

CVE-2015-7995

2015-11-17 15:00:00

CVE-2017-5029

2017-04-24 23:00:00

nvd

CVE-2015-7995

2015-11-17 15:59:16

CVE-2017-5029

2017-04-24 23:59:00

ibm

Security Bulletin: Vulnerabilities in libxslt affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

2023-04-14 14:32:25

osv

libxslt - security update

2017-03-23 00:00:00

Nokogiri implementation of libxslt lacks integer overflow checks

2018-07-31 18:21:29

CVE-2019-5815

2019-12-11 01:15:10

debian

[SECURITY] [DLA 866-1] libxslt security update

2017-03-23 13:20:26

[SECURITY] [DSA 3605-1] libxslt security update

2016-06-19 05:00:31

[SECURITY] [DLA 514-1] libxslt security update

2016-06-12 21:50:20

redhatcve

CVE-2017-5029

2017-03-10 09:20:20

github

Nokogiri implementation of libxslt lacks integer overflow checks

2018-07-31 18:21:29

alpinelinux

CVE-2017-5029

2017-04-24 23:59:00

ubuntu

Libxslt vulnerabilities

2017-04-28 00:00:00

Oxide vulnerabilities

2017-03-29 00:00:00

gentoo

libxslt: Multiple vulnerabilities

2018-04-04 00:00:00

rubygems

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29

2017-05-08 21:00:00

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2015-04-13 21:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0018

2017-05-31 00:00:00

Important Photon OS Security Update - PHSA-2017-0044

2017-05-31 00:00:00

apple

About the security content of iCloud for Windows 6.2

2017-03-28 00:00:00

About the security content of iCloud for Windows 6.2 - Apple Support

2017-04-24 06:47:37

About the security content of tvOS 9.1.1

2016-01-25 00:00:00

rosalinux

Advisory ROSA-SA-2021-1906

2021-07-02 17:26:03

suse

Security update for Chromium (important)

2017-03-18 00:09:23

Security update for Chromium (important)

2017-03-18 00:08:56

redhat

(RHSA-2017:0499) Important: chromium-browser security update

2017-03-14 06:03:42

chrome

Stable Channel Update for Desktop

2017-03-09 00:00:00

fedora

[SECURITY] Fedora 25 Update: qt5-qtwebengine-5.9.0-4.fc25

2017-07-12 03:27:41

[SECURITY] Fedora 26 Update: qt5-qtwebengine-5.9.0-4.fc26

2017-07-06 22:53:47

[SECURITY] Fedora 24 Update: qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24

2017-07-23 21:52:43

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

androidsecurity

Android Security Bulletin—June 2017

2017-06-05 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for OSV:CVE-2017-5029