CVE-2013-4520

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Affected Software

Name	Vendor	Start Version	End Version
Libxslt	Xmlsoft	*	1.1.24 (including)
Libxslt	Xmlsoft	0.0.1 (including)	0.0.1 (including)
Libxslt	Xmlsoft	0.1.0 (including)	0.1.0 (including)
Libxslt	Xmlsoft	0.2.0 (including)	0.2.0 (including)
Libxslt	Xmlsoft	0.3.0 (including)	0.3.0 (including)
Libxslt	Xmlsoft	0.4.0 (including)	0.4.0 (including)
Libxslt	Xmlsoft	0.5.0 (including)	0.5.0 (including)
Libxslt	Xmlsoft	0.6.0 (including)	0.6.0 (including)
Libxslt	Xmlsoft	0.7.0 (including)	0.7.0 (including)
Libxslt	Xmlsoft	0.8.0 (including)	0.8.0 (including)
Libxslt	Xmlsoft	0.9.0 (including)	0.9.0 (including)
Libxslt	Xmlsoft	0.10.0 (including)	0.10.0 (including)
Libxslt	Xmlsoft	0.11.0 (including)	0.11.0 (including)
Libxslt	Xmlsoft	0.12.0 (including)	0.12.0 (including)
Libxslt	Xmlsoft	0.13.0 (including)	0.13.0 (including)
Libxslt	Xmlsoft	0.14.0 (including)	0.14.0 (including)
Libxslt	Xmlsoft	1.0.0 (including)	1.0.0 (including)
Libxslt	Xmlsoft	1.0.1 (including)	1.0.1 (including)
Libxslt	Xmlsoft	1.0.2 (including)	1.0.2 (including)
Libxslt	Xmlsoft	1.0.3 (including)	1.0.3 (including)
Libxslt	Xmlsoft	1.0.4 (including)	1.0.4 (including)
Libxslt	Xmlsoft	1.0.5 (including)	1.0.5 (including)
Libxslt	Xmlsoft	1.0.6 (including)	1.0.6 (including)
Libxslt	Xmlsoft	1.0.7 (including)	1.0.7 (including)
Libxslt	Xmlsoft	1.0.8 (including)	1.0.8 (including)
Libxslt	Xmlsoft	1.0.9 (including)	1.0.9 (including)
Libxslt	Xmlsoft	1.0.10 (including)	1.0.10 (including)
Libxslt	Xmlsoft	1.0.11 (including)	1.0.11 (including)
Libxslt	Xmlsoft	1.0.12 (including)	1.0.12 (including)
Libxslt	Xmlsoft	1.0.13 (including)	1.0.13 (including)
Libxslt	Xmlsoft	1.0.14 (including)	1.0.14 (including)
Libxslt	Xmlsoft	1.0.15 (including)	1.0.15 (including)
Libxslt	Xmlsoft	1.0.16 (including)	1.0.16 (including)
Libxslt	Xmlsoft	1.0.17 (including)	1.0.17 (including)
Libxslt	Xmlsoft	1.0.18 (including)	1.0.18 (including)
Libxslt	Xmlsoft	1.0.19 (including)	1.0.19 (including)
Libxslt	Xmlsoft	1.0.20 (including)	1.0.20 (including)
Libxslt	Xmlsoft	1.0.21 (including)	1.0.21 (including)
Libxslt	Xmlsoft	1.0.22 (including)	1.0.22 (including)
Libxslt	Xmlsoft	1.0.23 (including)	1.0.23 (including)
Libxslt	Xmlsoft	1.0.24 (including)	1.0.24 (including)
Libxslt	Xmlsoft	1.0.25 (including)	1.0.25 (including)
Libxslt	Xmlsoft	1.0.26 (including)	1.0.26 (including)
Libxslt	Xmlsoft	1.0.27 (including)	1.0.27 (including)
Libxslt	Xmlsoft	1.0.28 (including)	1.0.28 (including)
Libxslt	Xmlsoft	1.0.29 (including)	1.0.29 (including)
Libxslt	Xmlsoft	1.0.30 (including)	1.0.30 (including)
Libxslt	Xmlsoft	1.0.31 (including)	1.0.31 (including)
Libxslt	Xmlsoft	1.0.32 (including)	1.0.32 (including)
Libxslt	Xmlsoft	1.0.33 (including)	1.0.33 (including)
Libxslt	Xmlsoft	1.1.0 (including)	1.1.0 (including)
Libxslt	Xmlsoft	1.1.1 (including)	1.1.1 (including)
Libxslt	Xmlsoft	1.1.2 (including)	1.1.2 (including)
Libxslt	Xmlsoft	1.1.3 (including)	1.1.3 (including)
Libxslt	Xmlsoft	1.1.4 (including)	1.1.4 (including)
Libxslt	Xmlsoft	1.1.5 (including)	1.1.5 (including)
Libxslt	Xmlsoft	1.1.6 (including)	1.1.6 (including)
Libxslt	Xmlsoft	1.1.7 (including)	1.1.7 (including)
Libxslt	Xmlsoft	1.1.8 (including)	1.1.8 (including)
Libxslt	Xmlsoft	1.1.9 (including)	1.1.9 (including)
Libxslt	Xmlsoft	1.1.10 (including)	1.1.10 (including)
Libxslt	Xmlsoft	1.1.11 (including)	1.1.11 (including)
Libxslt	Xmlsoft	1.1.12 (including)	1.1.12 (including)
Libxslt	Xmlsoft	1.1.13 (including)	1.1.13 (including)
Libxslt	Xmlsoft	1.1.14 (including)	1.1.14 (including)
Libxslt	Xmlsoft	1.1.15 (including)	1.1.15 (including)
Libxslt	Xmlsoft	1.1.16 (including)	1.1.16 (including)
Libxslt	Xmlsoft	1.1.17 (including)	1.1.17 (including)
Libxslt	Xmlsoft	1.1.18 (including)	1.1.18 (including)
Libxslt	Xmlsoft	1.1.19 (including)	1.1.19 (including)
Libxslt	Xmlsoft	1.1.20 (including)	1.1.20 (including)
Libxslt	Xmlsoft	1.1.21 (including)	1.1.21 (including)
Libxslt	Xmlsoft	1.1.22 (including)	1.1.22 (including)
Libxslt	Xmlsoft	1.1.23 (including)	1.1.23 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4520
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References