rpm package
opensuse/libxslt&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libxslt&distro=openSUSE%20Tumbleweed
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11731 | Low | 3.1 | < 1.1.43-4.1 | 1.1.43-4.1 | Oct 14, 2025 | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c | |
| CVE-2025-10911 | Med | 5.5 | < 1.1.43-3.1 | 1.1.43-3.1 | Sep 25, 2025 | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. | |
| CVE-2025-7424 | Hig | 7.5 | < 1.1.43-2.1 | 1.1.43-2.1 | Jul 10, 2025 | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may l | |
| CVE-2025-24855 | — | < 1.1.43-1.1 | 1.1.43-1.1 | Mar 14, 2025 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. | ||
| CVE-2024-55549 | — | < 1.1.43-1.1 | 1.1.43-1.1 | Mar 14, 2025 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. | ||
| CVE-2021-30560 | — | < 1.1.37-1.1 | 1.1.37-1.1 | Aug 3, 2021 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-18197 | Hig | 7.5 | < 1.1.34-3.2 | 1.1.34-3.2 | Oct 18, 2019 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized | |
| CVE-2019-13118 | Med | 5.3 | < 1.1.34-3.2 | 1.1.34-3.2 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | |
| CVE-2019-13117 | Med | 5.3 | < 1.1.34-3.2 | 1.1.34-3.2 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | |
| CVE-2019-11068 | Cri | 9.8 | < 1.1.34-3.2 | 1.1.34-3.2 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | |
| CVE-2017-5029 | Hig | 8.8 | < 1.1.34-3.2 | 1.1.34-3.2 | Apr 24, 2017 | The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe | |
| CVE-2015-9019 | Med | 5.3 | < 1.1.34-3.2 | 1.1.34-3.2 | Apr 5, 2017 | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |
| CVE-2016-4738 | Hig | 8.8 | < 1.1.34-3.2 | 1.1.34-3.2 | Sep 25, 2016 | libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2015-7995 | — | < 1.1.29-1.3 | 1.1.29-1.3 | Nov 17, 2015 | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | ||
| CVE-2008-1767 | — | < 1.1.34-3.2 | 1.1.34-3.2 | May 23, 2008 | Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. |
- affected < 1.1.43-4.1fixed 1.1.43-4.1
A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c
- affected < 1.1.43-3.1fixed 1.1.43-3.1
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
- affected < 1.1.43-2.1fixed 1.1.43-2.1
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may l
- CVE-2025-24855Mar 14, 2025affected < 1.1.43-1.1fixed 1.1.43-1.1
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
- CVE-2024-55549Mar 14, 2025affected < 1.1.43-1.1fixed 1.1.43-1.1
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
- CVE-2021-30560Aug 3, 2021affected < 1.1.37-1.1fixed 1.1.37-1.1
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 1.1.34-3.2fixed 1.1.34-3.2
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized
- affected < 1.1.34-3.2fixed 1.1.34-3.2
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
- affected < 1.1.34-3.2fixed 1.1.34-3.2
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- affected < 1.1.34-3.2fixed 1.1.34-3.2
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- affected < 1.1.34-3.2fixed 1.1.34-3.2
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe
- affected < 1.1.34-3.2fixed 1.1.34-3.2
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
- affected < 1.1.34-3.2fixed 1.1.34-3.2
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
- CVE-2015-7995Nov 17, 2015affected < 1.1.29-1.3fixed 1.1.29-1.3
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
- CVE-2008-1767May 23, 2008affected < 1.1.34-3.2fixed 1.1.34-3.2
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.