rpm package
suse/libxslt&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/libxslt&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1757 | Med | 6.2 |  | < 1.1.38-slfo.1.1_6.1 | 1.1.38-slfo.1.1_6.1 | Feb 2, 2026 | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command executio |
| CVE-2026-0992 | Low | 2.9 |  | < 1.1.38-slfo.1.1_6.1 | 1.1.38-slfo.1.1_6.1 | Jan 15, 2026 | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs |
| CVE-2026-0990 | Med | 5.9 |  | < 1.1.38-slfo.1.1_6.1 | 1.1.38-slfo.1.1_6.1 | Jan 15, 2026 | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent iss |
| CVE-2026-0989 | Low | 3.7 |  | < 1.1.38-slfo.1.1_6.1 | 1.1.38-slfo.1.1_6.1 | Jan 15, 2026 | A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursi |
| CVE-2025-11731 | Low | 3.1 |  | < 1.1.38-slfo.1.1_5.1 | 1.1.38-slfo.1.1_5.1 | Oct 14, 2025 | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This c |
| CVE-2025-10911 | Med | 5.5 |  | < 1.1.38-slfo.1.1_5.1 | 1.1.38-slfo.1.1_5.1 | Sep 25, 2025 | A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. |
| CVE-2025-8732 | Low | 3.3 |  | < 1.1.38-slfo.1.1_6.1 | 1.1.38-slfo.1.1_6.1 | Aug 8, 2025 | A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has b |
| CVE-2025-7424 | High | 7.5 |  | < 1.1.38-slfo.1.1_4.1 | 1.1.38-slfo.1.1_4.1 | Jul 10, 2025 | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may l |
| CVE-2025-24855 | — |  |  | < 1.1.38-slfo.1.1_2.1 | 1.1.38-slfo.1.1_2.1 | Mar 14, 2025 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. |
| CVE-2024-55549 | — |  |  | < 1.1.38-slfo.1.1_2.1 | 1.1.38-slfo.1.1_2.1 | Mar 14, 2025 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. |
| CVE-2023-40403 | — |  |  | < 1.1.38-slfo.1.1_2.1 | 1.1.38-slfo.1.1_2.1 | Sep 26, 2023 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. |