CVE-2011-1202
EPSS 0.52%
Description
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
How to fix CVE-2011-1202
To remediate CVE-2011-1202, upgrade the affected package to a fixed version listed below.
- Debian/libxslt—upgrade to 1.1.26-7 or later
Is CVE-2011-1202 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.26-7