PT-2017-16267 · Google+8 · Google Chrome+8

Published

2017-03-09

·

Updated

2026-03-13

·

CVE-2017-5029

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libxslt version 1.1.29 Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux Google Chrome version prior to 57.0.2987.108 for Android Nokogiri versions prior to 1.7.2
Description The issue is related to the xsltAddTextString function in transform.c in libxslt, which lacks a check for integer overflow during a size calculation. This allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Recommendations For libxslt version 1.1.29, consider updating to a newer version that includes a fix for the integer overflow issue in the xsltAddTextString function. For Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux, update to version 57.0.2987.98 or later. For Google Chrome version prior to 57.0.2987.108 for Android, update to version 57.0.2987.108 or later. For Nokogiri versions prior to 1.7.2, update to version 1.7.2 or later. As a temporary workaround, consider restricting the use of the xsltAddTextString function in libxslt until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2017-1391
ALT-PU-2017-2650
ALT-PU-2018-1109
CVE-2017-5029
DLA-866-1
DSA-3810-1
GHSA-PF6M-FXPQ-FG8V
MGASA-2017-0111
MGASA-2017-0125
OPENSUSE-SU-2017:0738-1
OPENSUSE-SU-2017:0740-1
OPENSUSE-SU-2017_0738-1
OPENSUSE-SU-2024:11017-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2017:0499
RHSA-2017_0499
SUSE-SU-2017:1282-1
SUSE-SU-2017:1313-1
USN-3236-1
USN-3271-1

Affected Products

Alt Linux
Google Chrome
Nokogiri
Opera
Red Hat
Suse
Ubuntu
Itunes
Libxslt