VYPR
Unrated severityNVD Advisory· Published Mar 14, 2025· Updated Feb 26, 2026

CVE-2025-24855

CVE-2025-24855

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

68

Patches

Vulnerability mechanics

References

1

News mentions

1