mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-28 01:50:39 +01:00
840 B
840 B
CVE-2015-7995
Description
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1257962