{"alias":[],"description":"libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt\/pattern.c and (2) the xsltGenerateIdFunction function in libxslt\/functions.c.","epss":{"percentile":"0.75498","score":"0.008800"},"id":"CVE-2012-2870","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"NONE","availability_impact":"PARTIAL","base_score":4.3,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":8.6,"impact_score":2.9,"integrity_impact":"NONE","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:N\/AC:M\/Au:N\/C:N\/I:N\/A:P","version":"2.0"}},"modified":"2026-04-29T01:13:23","nvd_status":"Modified","published":"2012-08-31T19:55:01","score":4.3,"severity":"MEDIUM","source":"chrome-cve-admin@google.com","status":"PUBLISHED","weaknesses":[{"id":"CWE-399","name":"Resource Management Errors","type":"category"}]}