CVE-2013-4520

Severity: Unknown | EPSS: 2.36%

CVE-2013-4520 is a vulnerability of currently unknown severity. xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. EPSS estimates a 2.36% chance of exploitation in the next 30 days.

Description

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Metrics

EPSS Probability: 2.36% (81.6th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Xmlsoft | Libxslt | <= 1.1.24
Xmlsoft | Libxslt | 0.0.1
Xmlsoft | Libxslt | 0.1.0
Xmlsoft | Libxslt | 0.2.0
Xmlsoft | Libxslt | 0.3.0
Xmlsoft | Libxslt | 0.4.0
Xmlsoft | Libxslt | 0.5.0
Xmlsoft | Libxslt | 0.6.0
Xmlsoft | Libxslt | 0.7.0
Xmlsoft | Libxslt | 0.8.0
Xmlsoft | Libxslt | 0.9.0
Xmlsoft | Libxslt | 0.10.0
Xmlsoft | Libxslt | 0.11.0
Xmlsoft | Libxslt | 0.12.0
Xmlsoft | Libxslt | 0.13.0
Xmlsoft | Libxslt | 0.14.0
Xmlsoft | Libxslt | 1.0.0
Xmlsoft | Libxslt | 1.0.1
Xmlsoft | Libxslt | 1.0.2
Xmlsoft | Libxslt | 1.0.3
Xmlsoft | Libxslt | 1.0.4
Xmlsoft | Libxslt | 1.0.5
Xmlsoft | Libxslt | 1.0.6
Xmlsoft | Libxslt | 1.0.7
Xmlsoft | Libxslt | 1.0.8
Xmlsoft | Libxslt | 1.0.9
Xmlsoft | Libxslt | 1.0.10
Xmlsoft | Libxslt | 1.0.11
Xmlsoft | Libxslt | 1.0.12
Xmlsoft | Libxslt | 1.0.13
Xmlsoft | Libxslt | 1.0.14
Xmlsoft | Libxslt | 1.0.15
Xmlsoft | Libxslt | 1.0.16
Xmlsoft | Libxslt | 1.0.17
Xmlsoft | Libxslt | 1.0.18
Xmlsoft | Libxslt | 1.0.19
Xmlsoft | Libxslt | 1.0.20
Xmlsoft | Libxslt | 1.0.21
Xmlsoft | Libxslt | 1.0.22
Xmlsoft | Libxslt | 1.0.23
Xmlsoft | Libxslt | 1.0.24
Xmlsoft | Libxslt | 1.0.25
Xmlsoft | Libxslt | 1.0.26
Xmlsoft | Libxslt | 1.0.27
Xmlsoft | Libxslt | 1.0.28
Xmlsoft | Libxslt | 1.0.29
Xmlsoft | Libxslt | 1.0.30
Xmlsoft | Libxslt | 1.0.31
Xmlsoft | Libxslt | 1.0.32
Xmlsoft | Libxslt | 1.0.33

Showing 50 of 74 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2013-4520?
xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
How severe is CVE-2013-4520?
Severity scoring for CVE-2013-4520 is pending analysis. The EPSS model estimates a 2.36% probability of exploitation in the next 30 days.
How do I fix CVE-2013-4520?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST