CVE-2011-1425

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2011-1425

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-1425.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-1425

Downstream

DEBIAN-CVE-2011-1425

DSA-2219-1

RHSA-2011:0486

Published

2011-04-04T12:27:57Z

Modified

2026-04-10T03:41:44.070446Z

Summary

[none]

Details

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

References

http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
https://bugzilla.redhat.com/show_bug.cgi?id=692133
http://trac.webkit.org/changeset/79159
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
https://bugs.webkit.org/show_bug.cgi?id=52688
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

CVE-2011-1425

Affected packages