#VU32281 Buffer overflow in libxslt - CVE-2016-1683

Cybersecurity Help s.r.o.

Published: 2016-06-05 | Updated: 2020-07-28

Vulnerability identifier: #VU32281

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-1683

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libxslt
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libxslt: 1.1.0 - 1.1.28

External links
https://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
https://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
https://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
https://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
https://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
https://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
https://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
https://www.debian.org/security/2016/dsa-3590
https://www.debian.org/security/2016/dsa-3605
https://www.securityfocus.com/bid/90876
https://www.securityfocus.com/bid/91826
https://www.securitytracker.com/id/1035981
https://www.ubuntu.com/usn/USN-2992-1
https://access.redhat.com/errata/RHSA-2016:1190
https://bugzilla.redhat.com/show_bug.cgi?id=1340016
https://crbug.com/583156
https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
https://security.gentoo.org/glsa/201607-07
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in libxslt (Alpine package)

Buffer overflow in libxslt for Libxml2