2013-11-05 12:50:09 UTC
Our QA found that the reproducer in CVE-2012-2825 (magic.xsl and magic.xml)
also exposes another libxslt crash in older libxslt versions.
This bug was fixed in libxslt 1.1.25 with this commit:
Author: Martin <gzlist-gM/Ye1E23mwNfirstname.lastname@example.org>
Date: Wed Sep 16 19:02:16 2009 +0200
Crash compiling stylesheet with DTD
* libxslt/xslt.c: when a stylesheet embeds a DTD the compilation
process could go seriously wrong
Crash as an xmlDtd struct is accessed as an xmlNode, not really attacker controllable
I would say, but a denial of service (crash).