INFSA-2025:7496: libxslt security update

Information about definition

Identifier: INFSA-2025:7496

Type: security

Release date: 2025-07-15 19:35:36 UTC

Information about package

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Vulnerabilities description

  • CVE-2024-55549

    xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

  • CVE-2025-24855

    numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Severity level

CVE              Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
CVE-2024-55549   no information    7.8               no information
CVE-2025-24855   no information    7.8               no information
Critical, important, moderate, low

Updated packages