CVE-2011-1425

N/A Unknown
Published: April 04, 2011 Modified: April 29, 2026

Description

xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/43920
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43920
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/44167
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/44423
Source: af854a3a-2127-422b-91ae-364da2661108
http://trac.webkit.org/changeset/79159
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.debian.org/security/2011/dsa-2219
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2011-0486.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/47135
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1025284
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0855
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0858
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/1010
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/1172
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugs.webkit.org/show_bug.cgi?id=52688
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=692133
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506
Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
8.1%
94th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

aleksey, apple