Xmlsoft Libxslt vulnerabilities
34 known vulnerabilities affecting xmlsoft/libxslt.
Total CVEs: 34
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 13, MEDIUM 15, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2008-2935 | P3 | HIGH | CVSS 7.5 | PoC | CWE-119 | v1.1.8; v1.1.9; +15 more | 2008-08-01
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Sources: nvd, osv

CVE-2008-1767 | P3 | HIGH | CVSS 7.5 | PoC | ≥ 0, < 1.1.24-1 | 2008-05-23
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Sources: osv

CVE-2021-30560 | P3 | HIGH | CVSS 8.8 | CWE-416 | fixed in 1.1.35 | 2021-08-03
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Sources: nvd, osv

CVE-2019-11068 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.1.33 | 2019-04-10
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Sources: nvd, osv

CVE-2016-4610 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.1.29 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
Sources: nvd, osv

CVE-2016-4609 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.1.29 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
Sources: nvd, osv

CVE-2016-4607 | P3 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 1.1.29 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-
Sources: nvd, osv

CVE-2016-4608 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.1.28 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
Sources: nvd, osv

CVE-2016-4738 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 1.1.29-2 | 2016-09-25
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Sources: osv

CVE-2016-1841 | P3 | HIGH | CVSS 8.8 | ≥ 0, < 1.1.29-1 | 2016-05-20
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Sources: osv

CVE-2017-5029 | P3 | HIGH | CVSS 8.8 | CWE-787 | v1.1.29 | 2017-04-24
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Sources: nvd, osv

CVE-2019-18197 | P3 | HIGH | CVSS 7.5 | CWE-416 | v1.1.33 | 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Sources: nvd, osv

CVE-2025-7424 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 1.1.34-4+deb11u3; ≥ 0, < 1.1.35-1+deb12u2; +2 more | 2025-07-10
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
Sources: osv

CVE-2024-55549 | P3 | HIGH | CVSS 7.8 | CWE-416 | fixed in 1.1.43 | 2025-03-14
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Sources: nvd, osv

CVE-2025-24855 | P3 | HIGH | CVSS 7.8 | CWE-416 | fixed in 1.1.43 | 2025-03-14
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Sources: nvd, osv

CVE-2019-5815 | P3 | HIGH | CVSS 7.5 | CWE-787 | fixed in 1.1.33 | 2019-12-11
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
Sources: nvd, osv

CVE-2016-1683 | P3 | HIGH | CVSS 7.5 | CWE-119 | ≤ 1.1.28 | 2016-06-05
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
Sources: nvd, osv

CVE-2016-1684 | P4 | HIGH | CVSS 7.5 | ≤ 1.1.28 | 2016-06-05
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
Sources: nvd, osv

CVE-2022-29824 | P4 | MEDIUM | CVSS 6.5 | CWE-190 | ≤ 1.1.35 | 2022-05-03
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is af
Sources: nvd

CVE-2019-13117 | P4 | MEDIUM | CVSS 5.3 | CWE-908 | v1.1.33 | 2019-07-01
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Sources: nvd, osv