mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
784 B
784 B
CVE-2015-7995
Description
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257962