vulnerability

OS X update for libxslt (CVE-2017-5029)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	2017-03-29	2017-03-29	2023-11-08

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

2017-03-29

Added

2017-03-29

Modified

2023-11-08

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Solution(s)

apple-osx-security-update-2017-001-el-capitanapple-osx-upgrade-10_12_4

References

CVE-2017-5029
https://attackerkb.com/topics/CVE-2017-5029
URL-https://support.apple.com/kb/HT207615

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today