libxslt Type Confusion Vulnerability in EXSLT Result Handling

A type confusion vulnerability has been identified in the libxslt library, specifically within the exsltFuncResultComp() function, which processes EXSLT <func:result> elements during stylesheet parsing. The vulnerability arises from improper type management, allowing the function to mistakenly treat an XML document node as a standard XML element node. This misinterpretation can lead to unexpected memory access, causing application crashes and potential instability. While the vulnerability is challenging to exploit, it could result in denial-of-service conditions by causing applications to crash or restart.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application processing the XSL stylesheet. However, the type confusion could potentially be exploited to read memory from unexpected addresses, creating a risk of unauthorized memory access or manipulation.

Reproduction

The vulnerability can be reproduced by processing a specially crafted XSL stylesheet that exploits the type confusion in the libxslt library. This can be done using any application or tool that utilizes libxslt for XSLT processing, such as XML transformation tools or libraries that support EXSLT functions.