CVE-2013-2902 : Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.

Published 2013-08-21 12:17:57

Updated 2025-04-11 00:51:22

Source Chrome

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2013-2902

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Google » Chrome
Versions up to, including, (<=) 29.0.1547.56
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.53
cpe:2.3:a:google:chrome:29.0.1547.53:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.52
cpe:2.3:a:google:chrome:29.0.1547.52:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.45
cpe:2.3:a:google:chrome:29.0.1547.45:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.42
cpe:2.3:a:google:chrome:29.0.1547.42:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.51
cpe:2.3:a:google:chrome:29.0.1547.51:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.50
cpe:2.3:a:google:chrome:29.0.1547.50:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.41
cpe:2.3:a:google:chrome:29.0.1547.41:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.40
cpe:2.3:a:google:chrome:29.0.1547.40:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.33
cpe:2.3:a:google:chrome:29.0.1547.33:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.32
cpe:2.3:a:google:chrome:29.0.1547.32:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.31
cpe:2.3:a:google:chrome:29.0.1547.31:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.21
cpe:2.3:a:google:chrome:29.0.1547.21:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.20
cpe:2.3:a:google:chrome:29.0.1547.20:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.13
cpe:2.3:a:google:chrome:29.0.1547.13:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.12
cpe:2.3:a:google:chrome:29.0.1547.12:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.4
cpe:2.3:a:google:chrome:29.0.1547.4:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.3
cpe:2.3:a:google:chrome:29.0.1547.3:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.2
cpe:2.3:a:google:chrome:29.0.1547.2:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.35
cpe:2.3:a:google:chrome:29.0.1547.35:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.34
cpe:2.3:a:google:chrome:29.0.1547.34:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.23
cpe:2.3:a:google:chrome:29.0.1547.23:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.22
cpe:2.3:a:google:chrome:29.0.1547.22:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.15
cpe:2.3:a:google:chrome:29.0.1547.15:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.14
cpe:2.3:a:google:chrome:29.0.1547.14:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.7
cpe:2.3:a:google:chrome:29.0.1547.7:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.5
cpe:2.3:a:google:chrome:29.0.1547.5:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.55
cpe:2.3:a:google:chrome:29.0.1547.55:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.54
cpe:2.3:a:google:chrome:29.0.1547.54:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.47
cpe:2.3:a:google:chrome:29.0.1547.47:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.46
cpe:2.3:a:google:chrome:29.0.1547.46:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.37
cpe:2.3:a:google:chrome:29.0.1547.37:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.36
cpe:2.3:a:google:chrome:29.0.1547.36:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.28
cpe:2.3:a:google:chrome:29.0.1547.28:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.27
cpe:2.3:a:google:chrome:29.0.1547.27:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.17
cpe:2.3:a:google:chrome:29.0.1547.17:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.16
cpe:2.3:a:google:chrome:29.0.1547.16:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.9
cpe:2.3:a:google:chrome:29.0.1547.9:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.8
cpe:2.3:a:google:chrome:29.0.1547.8:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.49
cpe:2.3:a:google:chrome:29.0.1547.49:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.48
cpe:2.3:a:google:chrome:29.0.1547.48:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.39
cpe:2.3:a:google:chrome:29.0.1547.39:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.38
cpe:2.3:a:google:chrome:29.0.1547.38:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.30
cpe:2.3:a:google:chrome:29.0.1547.30:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.29
cpe:2.3:a:google:chrome:29.0.1547.29:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.19
cpe:2.3:a:google:chrome:29.0.1547.19:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.18
cpe:2.3:a:google:chrome:29.0.1547.18:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.11
cpe:2.3:a:google:chrome:29.0.1547.11:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.10
cpe:2.3:a:google:chrome:29.0.1547.10:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.1
cpe:2.3:a:google:chrome:29.0.1547.1:*:*:*:*:*:*:*
Matching versions
Google » Chrome » Version: 29.0.1547.0
cpe:2.3:a:google:chrome:29.0.1547.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-2902

EPSS FAQ

0.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-2902

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-2902

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2902

https://src.chromium.org/viewvc/blink?revision=155043&view=revision

[blink] Revision 155043
http://crbug.com/260105

260105 - Heap-use-after-free in xsltApplySequenceConstructor - chromium - Monorail
http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html

Chrome Releases: Stable Channel Update

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18313

Repository / Oval Repository
http://www.debian.org/security/2013/dsa-2741

Debian -- Security Information -- DSA-2741-1 chromium-browser

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-2902

Products affected by CVE-2013-2902

Exploit prediction scoring system (EPSS) score for CVE-2013-2902

CVSS scores for CVE-2013-2902

CWE ids for CVE-2013-2902

References for CVE-2013-2902