CVE-2012-6139
libxslt - denial of service
EPSS 10.8%
Description
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an empty match attribute on an xsl:key element, which reaches the xsltAddKey function in keys.c, or (2) an uninitialized variable in the xsltDocumentFunction function in functions.c, the implementation of the XSLT document() function. "Remote" here means any process that compiles or applies an attacker-supplied stylesheet is exposed; the result is a crash of that process, not code execution.
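The first vector is concrete enough to screen for before a stylesheet ever reaches libxslt. The script below is an added example, not code from the libxslt project or from this advisory's publisher: it parses a stylesheet with the Python standard-library ElementTree (so the screen itself never touches libxslt and cannot hit the xsltAddKey crash), reports every xsl:key whose match attribute is empty, and converts the compact version number that `xsltproc --version` prints (for example `libxslt 10128`) into a tuple that can be compared against the 1.1.28 fix. The sample stylesheets are constructed for the example; the function and constant names are this example's own.

```python
"""Pre-screen XSLT for the CVE-2012-6139 xsl:key trigger (added example).

Vector (1) in the advisory is an xsl:key element whose match attribute is
empty; libxslt before 1.1.28 dereferences NULL in xsltAddKey (keys.c) when
it compiles such a key.  Vector (2), the document() path, is not covered
by a static screen; upgrading is the only real fix for either.
"""
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
FIXED_UPSTREAM = (1, 1, 28)   # from the advisory: fixed in libxslt 1.1.28

# Constructed sample: one ordinary key and one with the empty match= trigger.
VULNERABLE_STYLESHEET = """\
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:key name="by-id" match="item" use="@id"/>
  <xsl:key name="broken" match="" use="."/>
  <xsl:template match="/"><out/></xsl:template>
</xsl:stylesheet>
"""

# Constructed sample: the same stylesheet with the bad key removed.
SAFE_STYLESHEET = """\
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:key name="by-id" match="item" use="@id"/>
  <xsl:template match="/"><out/></xsl:template>
</xsl:stylesheet>
"""


def find_empty_key_matches(stylesheet_xml: str) -> list[str]:
    """Return the name of every xsl:key whose match attribute is empty.

    Parsing is done with ElementTree, not libxslt, so this check is safe to
    run on untrusted input even on an unpatched host.  Whitespace-only
    match= values are flagged too; that is a conservative choice of this
    example, the advisory itself only names the empty attribute.
    """
    root = ET.fromstring(stylesheet_xml)
    hits = []
    for key in root.iter(f"{{{XSL_NS}}}key"):
        match = key.get("match")
        if match is not None and match.strip() == "":
            hits.append(key.get("name", "<unnamed>"))
    return hits


def parse_compact_version(compact: int) -> tuple[int, int, int]:
    """Turn libxslt's compact version number (10128 -> 1.1.28) into a tuple.

    xsltproc --version prints e.g. "Using libxml 20904, libxslt 10128 and
    libexslt 817"; the libxslt number is MMmmpp with two digits each for
    minor and patch level.
    """
    return (compact // 10000, (compact // 100) % 100, compact % 100)


def upstream_version_is_fixed(compact: int) -> bool:
    """True if the reported upstream libxslt version is 1.1.28 or later."""
    return parse_compact_version(compact) >= FIXED_UPSTREAM


if __name__ == "__main__":
    for label, sheet in (("vulnerable", VULNERABLE_STYLESHEET),
                         ("safe", SAFE_STYLESHEET)):
        print(label, "->", find_empty_key_matches(sheet))
    for reported in (10126, 10128):
        print(reported, "->", parse_compact_version(reported),
              "fixed" if upstream_version_is_fixed(reported) else "vulnerable")
```

One caveat on the version check: it only reflects the upstream release number. Distribution builds such as the Debian 1.1.26-14.1 and 1.1.26-6+squeeze3 packages listed in this advisory carry the fix as a backport and still report 10126 at runtime, so on those systems check the package version rather than the number xsltproc prints.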
How to fix CVE-2012-6139
To remediate CVE-2012-6139, upgrade to one of the fixed Debian package versions below. The upstream fix is in libxslt 1.1.28; the Debian packages listed here backport it onto 1.1.26, so the package version, not the library's reported version, is what tells you a host is patched.
- Debian/libxslt—upgrade to 1.1.26-14.1 or later
- Debian/libxslt (squeeze)—upgrade to 1.1.26-6+squeeze3 or later
Is CVE-2012-6139 being exploited?
Moderate: EPSS is 10.8%. The impact is a crash of whatever process applies the stylesheet, so prioritise hosts that accept untrusted XSLT from the network; for everything else, track this CVE but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/libxslt: from 0, < 1.1.26-14.1
- Debian/libxslt (squeeze): from 0, < 1.1.26-6+squeeze3