{"url":"http://public2.vulnerablecode.io/api/packages/104697?format=json","purl":"pkg:deb/debian/libxslt@1.1.26-14?distro=trixie","type":"deb","namespace":"debian","name":"libxslt","version":"1.1.26-14","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.1.26-14.1","latest_non_vulnerable_version":"1.1.43-0.3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78024?format=json","vulnerability_id":"VCID-4ggh-374b-rqdx","summary":"libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2870.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2870","reference_id":"","reference_type":"","scores":[{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75714","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75741","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0088","scoring_system":"epss","scoring_elements":"0.75739","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422","reference_id":"689422","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=852937","reference_id":"852937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=852937"},{"reference_url":"https://security.gentoo.org/glsa/201401-07","reference_id":"GLSA-201401-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104697?format=json","purl":"pkg:deb/debian/libxslt@1.1.26-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104690?format=json","purl":"pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104688?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104692?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104691?format=json","purl":"pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9q7z-rwe8-zydg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie"}],"aliases":["CVE-2012-2870"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ggh-374b-rqdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37457?format=json","vulnerability_id":"VCID-d39h-k44d-8kgx","summary":"Uncontrolled Resource Consumption\nlibxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2871","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74106","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7414","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74144","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422","reference_id":"689422","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=852935","reference_id":"852935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=852935"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2871","reference_id":"CVE-2012-2871","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2871"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104697?format=json","purl":"pkg:deb/debian/libxslt@1.1.26-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104690?format=json","purl":"pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104688?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104692?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104691?format=json","purl":"pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9q7z-rwe8-zydg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie"}],"aliases":["CVE-2012-2871"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d39h-k44d-8kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78025?format=json","vulnerability_id":"VCID-hagz-u4kw-uyf8","summary":"Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2893.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2893.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2893","reference_id":"","reference_type":"","scores":[{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82404","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01661","scoring_system":"epss","scoring_elements":"0.8243","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422","reference_id":"689422","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=860671","reference_id":"860671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=860671"},{"reference_url":"https://security.gentoo.org/glsa/201401-07","reference_id":"GLSA-201401-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1265","reference_id":"RHSA-2012:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1265"},{"reference_url":"https://usn.ubuntu.com/1595-1/","reference_id":"USN-1595-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1595-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/104697?format=json","purl":"pkg:deb/debian/libxslt@1.1.26-14?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104690?format=json","purl":"pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104688?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104692?format=json","purl":"pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6f4y-n9m4-vydg"},{"vulnerability":"VCID-e25f-65vw-ykc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104691?format=json","purl":"pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9q7z-rwe8-zydg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie"}],"aliases":["CVE-2012-2893"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hagz-u4kw-uyf8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie"}