CVE-2012-2871

Severity

68%

Complexity

86%

Confidentiality

106%

Per: http://cwe.mitre.org/data/definitions/704.html 'CWE-704: Incorrect Type Conversion or Cast'

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

Per: http://cwe.mitre.org/data/definitions/704.html 'CWE-704: Incorrect Type Conversion or Cast'

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-08-31 19:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

Apple iPhone OS 1.0.0

1.0.0

Apple iPhone OS 1.0.1

1.0.1

Apple iPhone OS 1.0.2

1.0.2

Apple iPhone OS 1.1.0

1.1.0

Apple iPhone OS 1.1.1

1.1.1

Apple iPhone OS 1.1.2

1.1.2

Apple iPhone OS 1.1.3

1.1.3

Apple iPhone OS 1.1.4

1.1.4

Apple iPhone OS 1.1.5

1.1.5

Apple iPhone OS 2.0

2.0

Apple iPhone OS 2.0.0

2.0.0

Apple iPhone OS 2.0.1

2.0.1

Apple iPhone OS 2.0.2

2.0.2

Apple iPhone OS 2.1

2.1

Apple iPhone OS 2.1.1

2.1.1

Apple iPhone OS 2.2

2.2

Apple iPhone OS 2.2.1

2.2.1

Apple iPhone OS 3.0

3.0

Apple iPhone OS 3.0.1

3.0.1

Apple iPhone OS 3.1

3.1

Apple iPhone OS 3.1.2

3.1.2

Apple iPhone OS 3.1.3

3.1.3

Apple iPhone OS 3.2

3.2

Apple iPhone OS 3.2.1

3.2.1

Apple iPhone OS 3.2.2

3.2.2

Apple iPhone OS 4.0

4.0

Apple iPhone OS 4.0.1

4.0.1

Apple iPhone OS 4.0.2

4.0.2

Apple iPhone OS 4.1

4.1

Apple iPhone OS 4.2.1

4.2.1

Apple iPhone OS 4.2.5

4.2.5

Apple iPhone OS 4.2.8

4.2.8

Apple iPhone OS 4.3.0

4.3.0

Apple iPhone OS 4.3.1

4.3.1

Apple iPhone OS 4.3.2

4.3.2

Apple iPhone OS 4.3.3

4.3.3

Apple iPhone OS 4.3.5

4.3.5

Apple iPhone OS 5.0

5.0

Apple iPhone OS 5.0.1

5.0.1

Apple iPhone OS 5.1

5.1

Apple iPhone OS 5.1.1

5.1.1

Apple iPhone OS 6.0

6.0

Apple iPhone OS 6.0.1

6.0.1

Apple iPhone OS 6.0.2

6.0.2

Apple iPhone OS 6.1

6.1

Apple iPhone OS 6.1.2

6.1.2

Apple iPhone OS 6.1.3

6.1.3

Google Chrome 21.0.1180.0

21.0.1180.0

Google Chrome 21.0.1180.1

21.0.1180.1

Google Chrome 21.0.1180.2

21.0.1180.2

Google Chrome 21.0.1180.31

21.0.1180.31

Google Chrome 21.0.1180.32

21.0.1180.32

Google Chrome 21.0.1180.33

21.0.1180.33

Google Chrome 21.0.1180.34

21.0.1180.34

Google Chrome 21.0.1180.35

21.0.1180.35

Google Chrome 21.0.1180.36

21.0.1180.36

Google Chrome 21.0.1180.37

21.0.1180.37

Google Chrome 21.0.1180.38

21.0.1180.38

Google Chrome 21.0.1180.39

21.0.1180.39

Google Chrome 21.0.1180.41

21.0.1180.41

Google Chrome 21.0.1180.46

21.0.1180.46

Google Chrome 21.0.1180.47

21.0.1180.47

Google Chrome 21.0.1180.48

21.0.1180.48

Google Chrome 21.0.1180.49

21.0.1180.49

Google Chrome 21.0.1180.50

21.0.1180.50

Google Chrome 21.0.1180.51

21.0.1180.51

Google Chrome 21.0.1180.52

21.0.1180.52

Google Chrome 21.0.1180.53

21.0.1180.53

Google Chrome 21.0.1180.54

21.0.1180.54

Google Chrome 21.0.1180.55

21.0.1180.55

Google Chrome 21.0.1180.56

21.0.1180.56

Google Chrome 21.0.1180.57

21.0.1180.57

Google Chrome 21.0.1180.59

21.0.1180.59

Google Chrome 21.0.1180.60

21.0.1180.60

Google Chrome 21.0.1180.61

21.0.1180.61

Google Chrome 21.0.1180.62

21.0.1180.62

Google Chrome 21.0.1180.63

21.0.1180.63

Google Chrome 21.0.1180.64

21.0.1180.64

Google Chrome 21.0.1180.68

21.0.1180.68

Google Chrome 21.0.1180.69

21.0.1180.69

Google Chrome 21.0.1180.70

21.0.1180.70

Google Chrome 21.0.1180.71

21.0.1180.71

Google Chrome 21.0.1180.72

21.0.1180.72

Google Chrome 21.0.1180.73

21.0.1180.73

Google Chrome 21.0.1180.74

21.0.1180.74

Google Chrome 21.0.1180.75

21.0.1180.75

Google Chrome 21.0.1180.76

21.0.1180.76

Google Chrome 21.0.1180.77

21.0.1180.77

Google Chrome 21.0.1180.78

21.0.1180.78

Google Chrome 21.0.1180.79

21.0.1180.79

Google Chrome 21.0.1180.80

21.0.1180.80

Google Chrome 21.0.1180.81

21.0.1180.81

Google Chrome 21.0.1180.82

21.0.1180.82

Google Chrome 21.0.1180.83

21.0.1180.83

Google Chrome 21.0.1180.84

21.0.1180.84

Google Chrome 21.0.1180.85

21.0.1180.85

Google Chrome 21.0.1180.86

21.0.1180.86

Google Chrome 21.0.1180.87

21.0.1180.87

References

http://code.google.com/p/chromium/issues/detail?id=138673

http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html

Vendor Advisory

APPLE-SA-2013-10-22-8

APPLE-SA-2013-09-18-2

openSUSE-SU-2012:1215

50838

54886

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930

http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log

http://support.apple.com/kb/HT5934

http://support.apple.com/kb/HT6001

DSA-2555

MDVSA-2012:164

https://chromiumcodereview.appspot.com/10824157

chrome-xsl-transforms-code-exec(78179)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.