XMLSoft libxslt 1.1.34

CPE Details

XMLSoft libxslt 1.1.34
xmlsoft
libxslt
1.1.34
2021-05-24
17h16 +00:00
2021-06-21
15h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:xmlsoft:libxslt:1.1.34:-:*:*:*:*:*:*

Informations

Vendor

xmlsoft

Product

libxslt

Version

1.1.34

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29824 2022-05-02 22h00 +00:00 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
6.5
Medium
CVE-2021-30560 2021-08-02 22h00 +00:00 Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.