PT-2012-1040 · Xmlsoft+6 · Libxml2+6
Chris Evans · Published 2012-08-30 · Updated 2024-06-15 · CVE-2012-2871
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libxml2 versions 2.9.0-rc1 and earlier
Google Chrome versions prior to 21.0.1180.89
Description
The issue is related to the handling of XSL transforms and the xmlNs data structure in include/libxml/tree.h. It allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Multiple vulnerabilities in the libxml2 package can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
Recommendations
For libxml2 versions 2.9.0-rc1 and earlier, update to version 2.9.1 or later to resolve the issue.
For Google Chrome versions prior to 21.0.1180.89, update to version 21.0.1180.89 or later to resolve the issue.
As a temporary workaround, consider restricting the use of XSL transforms in libxml2 until a patch is available.
Affected Products
ALT Linux
CentOS
Google Chrome
Red Hat
SUSE
iTunes
libxml2