VYPR

rpm package

suse/libxslt&distro=SUSE Linux Micro 6.0

pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.0

Vulnerabilities (11)

  • CVE-2026-1757MedFeb 2, 2026
    affected < 1.1.38-8.1fixed 1.1.38-8.1

    A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command executio

  • CVE-2026-0992LowJan 15, 2026
    affected < 1.1.38-8.1fixed 1.1.38-8.1

    A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs

  • CVE-2026-0990MedJan 15, 2026
    affected < 1.1.38-8.1fixed 1.1.38-8.1

    A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent iss

  • CVE-2026-0989LowJan 15, 2026
    affected < 1.1.38-8.1fixed 1.1.38-8.1

    A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursi

  • CVE-2025-11731LowOct 14, 2025
    affected < 1.1.38-7.1fixed 1.1.38-7.1

    A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c

  • CVE-2025-10911MedSep 25, 2025
    affected < 1.1.38-7.1fixed 1.1.38-7.1

    A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

  • CVE-2025-8732LowAug 8, 2025
    affected < 1.1.38-8.1fixed 1.1.38-8.1

    A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has b

  • CVE-2025-7424HigJul 10, 2025
    affected < 1.1.38-6.1fixed 1.1.38-6.1

    A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may l

  • CVE-2025-24855Mar 14, 2025
    affected < 1.1.38-4.1fixed 1.1.38-4.1

    numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

  • CVE-2024-55549Mar 14, 2025
    affected < 1.1.38-4.1fixed 1.1.38-4.1

    xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

  • CVE-2023-40403Sep 26, 2023
    affected < 1.1.38-4.1fixed 1.1.38-4.1

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.