CVE-2017-5029

high

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

References

http://rhn.redhat.com/errata/RHSA-2017-0499.html

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html

https://crbug.com/676623

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

http://www.debian.org/security/2017/dsa-3810

http://www.securitytracker.com/id/1038157

Details

Source: Mitre, NVD

Published: 2017-04-24

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High