Launchpad CVE tracker

CVE 2016-1684

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://crbug.com/583171
CONFIRM: https://git.gnome.org/...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2016-07-18-1
APPLE: APPLE-SA-2016-07-18-2
APPLE: APPLE-SA-2016-07-18-3
APPLE: APPLE-SA-2016-07-18-4
APPLE: APPLE-SA-2016-07-18-6
DEBIAN: DSA-3590
REDHAT: RHSA-2016:1190
SUSE: openSUSE-SU-2016:1430
SUSE: openSUSE-SU-2016:1433
SUSE: openSUSE-SU-2016:1496
UBUNTU: USN-2992-1
SECTRACK: 1035981
BID: 90876
DEBIAN: DSA-3605
GENTOO: GLSA-201607-07
FEDORA: FEDORA-2019-320d5295fc

Launchpad.net

CVE 2016-1684

Related bugs

References