PT-2012-1041 · Libxslt+5

Chris Evans · Published 2012-08-30 · Updated 2024-06-15 · CVE-2012-2870

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libxslt versions 1.1.26 and earlier
Google Chrome versions prior to 21.0.1180.89

Description

The issue is related to improper memory management in libxslt, which could allow remote attackers to cause a denial of service, potentially leading to an application crash. This can be achieved through a crafted XSLT expression that is not properly identified during XPath navigation. The problem is associated with the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. Exploitation of the vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information and can be performed remotely.

Recommendations

For libxslt versions 1.1.26 and earlier, consider updating to a version later than 1.1.26 to resolve the issue. For Google Chrome versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to fix the problem. As a temporary workaround, consider restricting the use of XSLT expressions in libxslt until a patch is available.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-02885
CESA-2012_1265
CVE-2012-2870
DSA-2555-1
OPENSUSE-SU-2012_1215-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2012:1265
RHSA-2012_1265

Affected Products

CentOS
Google Chrome
Red Hat
SUSE
iTunes
libxslt