CVE-2025-24855
published 2025-03-14CVE-2025-24855: numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_18.3_and_ipados | — | — |
| apple | ipados | — | — |
| apple | macos_sequoia | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| apple | tvos | — | — |
| apple | visionos | — | — |
| apple | watchos | — | — |
| debian | libxslt | < libxslt 1.1.35-1+deb12u1 (bookworm) | libxslt 1.1.35-1+deb12u1 (bookworm) |
| msrc | azl3_libxslt_1.1.39-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libxslt_1.1.43-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libxslt_1.1.34-8_on_cbl_mariner_2.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.18.4 | 1.18.4 |
| xmlsoft | libxslt | < 1.1.43 | 1.1.43 |
| xmlsoft | libxslt | >= 0 < 1.1.34-4+deb11u2 | 1.1.34-4+deb11u2 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1+deb12u1 | 1.1.35-1+deb12u1 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1.2 | 1.1.35-1.2 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1.2 | 1.1.35-1.2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa7.8HIGH
osv7.8HIGH