Libxslt · CVE-2008-1767
**Name of the Vulnerable Software and Affected Versions**
libxslt versions prior to 1.1.24
libxslt version 1.0.33
**Description**
The issue is a buffer overflow in pattern.c in libxslt. It allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.
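The description ties the overflow to match patterns that produce a large number of steps. As an added example (not part of the advisory or of libxslt), this Python check estimates the step count of each pattern attribute in a stylesheet so that unusually long ones can be reviewed before processing. The threshold `MAX_STEPS`, the function names and the sample stylesheet are assumptions, and the count approximates libxslt's compiled steps rather than reproducing them.

```python
import xml.etree.ElementTree as ET

XSL_NS = "{http://www.w3.org/1999/XSL/Transform}"
# XSLT 1.0 attributes whose value is a pattern (element -> attributes).
PATTERN_ATTRS = {"template": ("match",), "key": ("match",),
                 "number": ("count", "from")}
MAX_STEPS = 20  # assumed review threshold, not a limit taken from libxslt


def estimate_steps(pattern):
    """Estimate steps per '|' alternative: location steps plus predicates."""
    counts, steps, in_step, depth, quote = [], 0, False, 0, None
    for ch in pattern:
        if quote:                       # inside a string literal
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch in "[(":
            steps += int(ch == "[" and depth == 0)  # top-level predicate
            depth += 1
        elif ch in "])":
            depth -= 1
        elif depth == 0 and ch == "|":  # next alternative
            counts.append(steps)
            steps, in_step = 0, False
        elif depth == 0 and ch == "/":  # step separator ('//' is two of them)
            in_step = False
        elif depth == 0 and not in_step and not ch.isspace():
            steps, in_step = steps + 1, True
    return counts + [steps]


def audit_stylesheet(xml_text, max_steps=MAX_STEPS):
    """Return (element, attribute, estimate) for patterns over max_steps."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag[len(XSL_NS):] if el.tag.startswith(XSL_NS) else None
        for attr in PATTERN_ATTRS.get(name, ()):
            worst = max(estimate_steps(el.get(attr, "")))
            if worst > max_steps:
                findings.append((name, attr, worst))
    return findings


# Constructed sample; call audit_stylesheet(SAMPLE, max_steps=6) to flag it.
SAMPLE = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="book/chapter[title='a/b']/para"/>
  <xsl:template match="a/b/c/d/e/f/g/h | x"/>
</xsl:stylesheet>"""
```

The estimate only helps triage stylesheets from untrusted sources; updating to a fixed libxslt version remains the remedy the advisory gives.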
**Recommendations**
For libxslt versions prior to 1.1.24, update to version 1.1.24 or later to resolve the issue.
For libxslt version 1.0.33, update to a version that includes the fix for this issue.
At the moment, there is no information about additional mitigation measures for this issue.