CVE-2008-1767

Name of the Vulnerable Software and Affected Versions libxslt versions prior to 1.1.24 libxslt version 1.0.33

Description The issue is related to a buffer overflow in pattern.c in libxslt, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed remotely.

Recommendations For libxslt versions prior to 1.1.24, update to version 1.1.24 or later to resolve the issue. For libxslt version 1.0.33, update to a version that includes the fix for this issue, as version 1.0.33 is affected. At the moment, there is no information about additional mitigation measures for this issue.