Description
Several denial of service flaws were found in libxslt. An attacker could
use these flaws to create a malicious XSL file that, when used by an
application linked against libxslt to perform an XSL transformation, could
cause the application to crash. (CVE-2012-2825, CVE-2012-2870,
CVE-2011-3970)
An information leak could occur if an application using libxslt processed
an untrusted XPath expression, or used a malicious XSL file to perform an
XSL transformation. If combined with other flaws, this leak could possibly
help an attacker bypass intended memory corruption protections.
(CVE-2011-1202)