libxslt XSL File Processing Buffer Overflow Vulnerability

  Severity: HIGH
  CVE Identifier: CVE-2008-1767
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1002650
  Trend Micro Deep Security DPI Rule Name: 1002650 - libxslt XSL File Processing Buffer Overflow Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • redhat Enterprise Linux Desktop 5
  • redhat Enterprise Linux Desktop Workstation 5
  • redhat desktop 3
  • redhat desktop 4
  • redhat enterprise_linux 2.1
  • redhat enterprise_linux 3
  • redhat enterprise_linux 4
  • redhat enterprise_linux 5
  • redhat linux_advanced_workstation 2.1

Featured Stories