OSV-2023-242

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libxslt/OSV-2023-242.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-242

Published

2023-03-27T13:00:27.197749Z

Modified

2023-03-27T13:00:27.197986Z

Summary

Use-of-uninitialized-value in xmlSwitchEncoding

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57431

Crash type: Use-of-uninitialized-value
Crash state:
xmlSwitchEncoding
xmlParsePEReference
xmlParseInternalSubset

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57431

Affected packages

OSS-Fuzz / libxslt

Package

Name: libxslt
Purl: pkg:generic/libxslt

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxslt.git
Events: Introduced

569328d95d418f10067bb5915147d600986f9058

Fixed

f80ae929fa9e80d66d4c42108c6fb2456ce14b8b

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "d8dda889b361f85fd94c6a2feba61e2309a17515:aab7eedca3c2dcaa1795d6acba38a4c9811d2a75",
    "fixed_range": "aab7eedca3c2dcaa1795d6acba38a4c9811d2a75:f80ae929fa9e80d66d4c42108c6fb2456ce14b8b"
}