VYPR

rpm package

opensuse/libxslt&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libxslt&distro=openSUSE%20Tumbleweed

Vulnerabilities (15)

  • CVE-2025-11731LowOct 14, 2025
    affected < 1.1.43-4.1fixed 1.1.43-4.1

    A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c

  • CVE-2025-10911MedSep 25, 2025
    affected < 1.1.43-3.1fixed 1.1.43-3.1

    A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

  • CVE-2025-7424HigJul 10, 2025
    affected < 1.1.43-2.1fixed 1.1.43-2.1

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may l

  • CVE-2025-24855Mar 14, 2025
    affected < 1.1.43-1.1fixed 1.1.43-1.1

    numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

  • CVE-2024-55549Mar 14, 2025
    affected < 1.1.43-1.1fixed 1.1.43-1.1

    xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

  • CVE-2021-30560Aug 3, 2021
    affected < 1.1.37-1.1fixed 1.1.37-1.1

    Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-18197HigOct 18, 2019
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized

  • CVE-2019-13118MedJul 1, 2019
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

  • CVE-2019-13117MedJul 1, 2019
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • CVE-2019-11068CriApr 10, 2019
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

  • CVE-2017-5029HigApr 24, 2017
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe

  • CVE-2015-9019MedApr 5, 2017
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

  • CVE-2016-4738HigSep 25, 2016
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2015-7995Nov 17, 2015
    affected < 1.1.29-1.3fixed 1.1.29-1.3

    The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

  • CVE-2008-1767May 23, 2008
    affected < 1.1.34-3.2fixed 1.1.34-3.2

    Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.