Hello, I spent some time fuzzing the libxslt engine. The following tickets describe some identified issues with possible security implications:
Off-by-one write in rc4_decrypt https://bugzilla.gnome.org/show_bug.cgi?id=675917 Read of previously free'd memory when using func:result https://bugzilla.gnome.org/show_bug.cgi?id=680920 Off-by-one read in pattern parsing https://bugzilla.gnome.org/show_bug.cgi?id=680924 Nick Wellnhofer has already proposed some patches (that I didn't test for the moment). Many thanks to him! Nicolas _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] https://mail.gnome.org/mailman/listinfo/xml
