Debian Libxslt vulnerabilities

CVE-2025-7424 [HIGH] CVE-2025-7424: libxslt - A flaw was found in the libxslt library. The same memory field, psvi, is used fo... A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. Scope: local bookworm: resolved (fixed in

CVE-2025-24855 [HIGH] CVE-2025-24855: libxslt - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath... numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. Scope: local bookworm: resolved (fixed in 1.1.35-1+deb12u1) bullseye: resolved (fixed in

CVE-2025-10911 [MEDIUM] CVE-2025-10911: libxslt - A use-after-free vulnerability was found in libxslt while parsing xsl nodes that... A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 1.1.43-0.3) sid: resolved (fixed in 1.1.43-0.3) trixie: open

CVE-2025-7425 [HIGH] CVE-2025-7425: libxslt - A flaw was found in libxslt where the attribute type, atype, flags are modified ... A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap

CVE-2025-11731 [LOW] CVE-2025-11731: libxslt - A flaw was found in the exsltFuncResultComp() function of libxslt, which handles... A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead

CVE-2024-55549 [HIGH] CVE-2024-55549: libxslt - xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue relat... xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. Scope: local bookworm: resolved (fixed in 1.1.35-1+deb12u1) bullseye: resolved (fixed in 1.1.34-4+deb11u2) forky: resolved (fixed in 1.1.35-1.2) sid: resolved (fixed in 1.1.35-1.2) trixie: resolved (fixed in 1.1.35-1.2)

CVE-2023-40403 [MEDIUM] CVE-2023-40403: libxslt - The issue was addressed with improved memory handling. This issue is fixed in ma... The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. Scope: local bookworm: resolved (fixed in 1.1.35-1+deb12u2) bullseye: resolved (fixed in 1.1.34-4+deb1

CVE-2021-30560 [HIGH] CVE-2021-30560: chromium - Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a r... Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 93.0.4577.82-1) bullseye: resolved (fixed in 93.0.4577.82-1) forky: resolved (fixed in 93.0.4577.82-1) sid: resolved (fixed in 93.0.4577.82-1) trixie: resolved (fixed

CVE-2019-11068 [CRITICAL] CVE-2019-11068: libxslt - libxslt through 1.1.33 allows bypass of a protection mechanism because callers o... libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. Scope: local bookworm: resolved (fixed in 1.1.32-2.1) bullseye: resolved (fixed in 1.1.32-2.1)

CVE-2019-5815 [HIGH] CVE-2019-5815: chromium - Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could... Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Scope: local bookworm: resolved (fixed in 74.0.3729.108-1) bullseye: resolved (fixed in 74.0.3729.108-1) forky: resolved (fixed in 74.0.3729.108-1) sid: resolved (fixed in 74.0.3729.108-1) trixie: resolved (fixe

CVE-2019-18197 [HIGH] CVE-2019-18197: libxslt - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset... In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Scope: local bookworm: resolved (fixed in 1.1.32-2.2) bullseye:

CVE-2019-13118 [MEDIUM] CVE-2019-13118: libxslt - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:num... In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Scope: local bookworm: resolved (fixed in 1.1.32-2.1) bullseye: resolved (fixed in 1.1.32-2.1) forky: resolved (fixed in

CVE-2019-13117 [MEDIUM] CVE-2019-13117: libxslt - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could ... In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. Scope: local bookworm: resolved (fixed in 1.1.32-2.1) bullseye: resolved (fixed in 1.1.32

CVE-2017-5029 [HIGH] CVE-2017-5029: libxslt - The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blin... The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Scope: local bookworm: resolv

CVE-2016-4610 [CRITICAL] CVE-2016-4610: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ... libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-

CVE-2016-4608 [CRITICAL] CVE-2016-4608: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ... libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-

CVE-2016-4609 [CRITICAL] CVE-2016-4609: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ... libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-

CVE-2016-1683 [HIGH] CVE-2016-1683: libxslt - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63... numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 1.1.29-1) bullseye: resolved (fixed in 1.1.29-1) forky: re

CVE-2016-1684 [HIGH] CVE-2016-1684: libxslt - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63... numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 1.1.29-1) bullseye: resolve

CVE-2016-4738 [HIGH] CVE-2016-4738: libxslt - libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS b... libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Scope: local bookworm: resolved (fixed in 1.1.29-2) bullseye: resolved (fixed in 1.1.29-2) forky: resolved (fixed in 1.1.29-2) sid: resolved (fixed in 1.1.29-2