INFSA-2025:3615: libxslt security update

Information about definition

Identifier: INFSA-2025:3615

Type: security

Release date: 2025-04-29 14:18:01 UTC

Information about package

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Vulnerabilities description

  • CVE-2025-24855

    numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

  • CVE-2024-55549

    A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.

Severity level

CVE               Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
CVE-2025-24855    no information    7.8               no information
CVE-2024-55549    no information    7.8               no information
Critical, important, moderate, low

Updated packages