Libxslt · Libxslt · CVE-2012-6139
**Name of the Vulnerable Software and Affected Versions**
libxslt versions prior to 1.1.28
**Description**
The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and crash. This can be achieved through an empty match attribute in a XSL key to the `xsltAddKey` function in keys.c or an uninitialized variable to the `xsltDocumentFunction` function in functions.c.
**Recommendations**
For versions prior to 1.1.28, update to version 1.1.28 or later to resolve the issue.