rpm package
suse/libxslt&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11731 | Low | 3.1 | | < 1.1.28-17.21.1 | 1.1.28-17.21.1 | Oct 14, 2025 | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c |
| CVE-2025-24855 | — | | | < 1.1.28-17.18.1 | 1.1.28-17.18.1 | Mar 14, 2025 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. |
| CVE-2024-55549 | — | | | < 1.1.28-17.18.1 | 1.1.28-17.18.1 | Mar 14, 2025 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. |