CVE-2024-55549

CWE-416 — Use After Free CWE-139519 documents10 sources

Severity

7.8HIGH

EPSS

0.1%

top 84.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxslt

Timeline

PublishedMar 14

Latest updateSep 30

Description

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:HExploitability: 1.4 | Impact: 5.8

Affected Packages4 packages

▶CVEListV5xmlsoft/libxslt< 1.1.43

▶NVDxmlsoft/libxslt< 1.1.43

▶Debianlibxslt< 1.1.34-4+deb11u2+3

▶RubyGemsnokogiri< 1.18.4

🔴Vulnerability Details

GHSA

GHSA-g8fv-r98j-937r: xsltGetInheritedNsList in libxslt before 1↗2025-03-14

▶

CVEList

CVE-2024-55549: xsltGetInheritedNsList in libxslt before 1↗2025-03-14

▶

OSV

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs↗2025-03-14

▶

OSV

CVE-2024-55549: xsltGetInheritedNsList in libxslt before 1↗2025-03-14

▶

GHSA

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs↗2025-03-14

▶

📋Vendor Advisories

Ubuntu

Libxslt vulnerabilities↗2025-09-30

▶

Ubuntu

Libxslt vulnerability↗2025-03-19

▶

Red Hat

libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)↗2025-03-14

▶

Microsoft

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue↗2025-03-11

▶

Apple

CVE-2024-55549: iOS 18.3 and iPadOS 18.3↗2025-01-27

▶