CVE-2012-2871
EPSS 0.45%
Description
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
How to fix CVE-2012-2871
To remediate CVE-2012-2871, upgrade the affected package to a fixed version below.
- Debian/libxslt—upgrade to 1.1.26-14 or later
Is CVE-2012-2871 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.26-14