Search CVE reports
1 – 10 of 31 results
CVE-2025-24855
Medium priority
Some fixes available 4 of 6
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate,...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-55549
Medium priority
Some fixes available 4 of 6
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-30560
Medium priority
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 affected packages
chromium-browser, libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | Not affected | Not affected | Fixed | Ignored |
libxslt | — | Fixed | Fixed | Fixed | Fixed |
CVE-2019-5815
Medium priority
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
2 affected packages
chromium-browser, libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | Not affected | Not affected | Not affected | Not affected |
libxslt | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-18197
Medium priority
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn’t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-13118
Low priority
Some fixes available 4 of 5
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-13117
Low priority
Some fixes available 4 of 5
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2019-11068
Medium priority
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | Fixed | Fixed |
CVE-2015-9019
Low priority
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | Ignored | Ignored | Ignored | Ignored |
CVE-2017-2477
Medium priority
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the “libxslt” component. It allows remote attackers to cause a denial of service (memory corruption) or possibly...
1 affected package
libxslt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libxslt | — | — | — | — | Not affected |