CVE-2017-5029

Name: CVE-2017-5029
Description: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-866-1, DSA-3810-1
NVD severity: medium (attack range: remote)
Debian Bugs: 858546

Vulnerable and fixed packages

The table below lists information on source packages.

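| Source Package | Release | Version | Status |
|---|---|---|---|
| chromium-browser (PTS) | wheezy, wheezy (security) | 37.0.2062.120-1~deb7u1 | vulnerable |
| chromium-browser (PTS) | jessie (security), jessie | 57.0.2987.98-1~deb8u1 | fixed |
| chromium-browser (PTS) | stretch | 59.0.3071.86-1 | fixed |
| chromium-browser (PTS) | stretch (security) | 60.0.3112.78-1~deb9u1 | fixed |
| chromium-browser (PTS) | buster, sid | 60.0.3112.78-1 | fixed |
| libxslt (PTS) | wheezy | 1.1.26-14.1 | vulnerable |
| libxslt (PTS) | wheezy (security) | 1.1.26-14.1+deb7u3 | fixed |
| libxslt (PTS) | jessie | 1.1.28-2+deb8u3 | fixed |
| libxslt (PTS) | jessie (security) | 1.1.28-2+deb8u2 | vulnerable |
| libxslt (PTS) | buster, sid, stretch | 1.1.29-2.1 | fixed |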

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium-browser | source | (unstable) | 57.0.2987.98-1 | medium | | |
| chromium-browser | source | jessie | 57.0.2987.98-1~deb8u1 | medium | DSA-3810-1 | |
| chromium-browser | source | wheezy | (unfixed) | end-of-life | | |
| libxslt | source | (unstable) | 1.1.29-2.1 | medium | | 858546 |
| libxslt | source | jessie | 1.1.28-2+deb8u3 | medium | | |
| libxslt | source | wheezy | 1.1.26-14.1+deb7u3 | medium | DLA-866-1 | |

Notes

[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
