CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-55549 – libxslt xsltParseStylesheetProcess Use-After-Free
https://notcve.org/view.php?id=CVE-2024-55549
14 Mar 2025 — xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. Ivan Fratric discovered that Libxslt incorrectly handled certain memory operations when handling documents. A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://packetstorm.news/files/id/189919 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24855 – libxslt: Use-After-Free in libxslt numbers.c
https://notcve.org/view.php?id=CVE-2025-24855
14 Mar 2025 — numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored. ... • https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 4CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-29824
03 May 2022 — In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbor... • https://packetstorm.news/files/id/167345 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-30560 – Gentoo Linux Security Advisory 202310-23
https://notcve.org/view.php?id=CVE-2021-30560
22 Jul 2021 — Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink XSLT en Google Chrome versiones anteriores a 91.0.4472.164, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Nicolas Gregoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose s... • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2019-18197 – libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-18197
18 Oct 2019 — In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. En la función xsltCopyText en el archivo transform.c en libxslt versión 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el área de memoria relevante se liberó y reutiliz... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 1%CPEs: 37EXPL: 0CVE-2019-13118 – Apple Security Advisory 2019-7-22-5
https://notcve.org/view.php?id=CVE-2019-13118
01 Jul 2019 — In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevan... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.3EPSS: 4%CPEs: 11EXPL: 0CVE-2019-13117 – Ubuntu Security Notice USN-4164-1
https://notcve.org/view.php?id=CVE-2019-13117
01 Jul 2019 — In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. En el archivo numbers.c en libxslt versión 1.1.33, un xsl:number con ciertas cadenas de formato conllevaría a una lectura no inicializada en la función xsltNumberFormatInsertNumbers. Esto podría permitir a un atacante discernir si un b... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5815 – chromium-browser: Heap buffer overflow in Blink
https://notcve.org/view.php?id=CVE-2019-5815
07 May 2019 — Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Una confusión de tipo en la función xsltNumberFormatGetMultipleLevel versiones anteriores a libxslt versión 1.1.33, podría permitir a atacantes explotar potencialmente la corrupción de la pila por medio de datos XML diseñados. Nicolas Gregoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose s... • https://bugs.chromium.org/p/chromium/issues/detail?id=930663 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
https://notcve.org/view.php?id=CVE-2019-11068
10 Apr 2019 — libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-9019
https://notcve.org/view.php?id=CVE-2015-9019
05 Apr 2017 — In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. En libxslt 1.1.29 y anteriores, la función EXSLT math.random no se inició con una seed aleatoria durante el arranque, lo que podría hacer que el uso de esta función produzca salidas predecibles. • https://bugzilla.gnome.org/show_bug.cgi?id=758400 • CWE-330: Use of Insufficiently Random Values •