FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxslt -- security framework bypass

Affected packages
libxslt < 1.1.33


VuXML ID 93167bef-9752-11e9-b61c-b885849ded8e
Discovery 2019-04-10
Entry 2019-07-16

Mitre report:

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.