Search for packages
| purl | pkg:deb/debian/libxslt@1.1.26-14.1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-28f2-6usv-zuc1
Aliases: CVE-2016-4609 |
libxslt: Out-of-bounds read at xmlGetLineNoInternal() |
Affected by 10 other vulnerabilities. |
|
VCID-3f2w-tgya-x3cc
Aliases: CVE-2017-5029 GHSA-pf6m-fxpq-fg8v |
Upstream libxslt vulnerabilities The `xsltAddTextString` function in `transform.c` in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. |
Affected by 10 other vulnerabilities. |
|
VCID-5nuu-a7bc-jke4
Aliases: CVE-2016-4608 |
libxslt: stack-based buffer overflow at exsltDateFormat() |
Affected by 10 other vulnerabilities. |
|
VCID-5uqv-dm9p-c7c6
Aliases: CVE-2016-1683 |
Improper Restriction of Operations within the Bounds of a Memory Buffer nokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. |
Affected by 19 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-6ss1-s8fx-vqd7
Aliases: CVE-2016-1684 |
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
Affected by 19 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-96v6-vs1m-skf3
Aliases: CVE-2019-13118 GHSA-cf46-6xxh-pc75 |
Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data. |
Affected by 7 other vulnerabilities. |
|
VCID-aauj-xkdy-mbea
Aliases: CVE-2025-7424 |
libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes |
Affected by 2 other vulnerabilities. |
|
VCID-bg26-kj9r-7bea
Aliases: CVE-2016-4610 |
libxslt: Invalid memory access leading to DoS at exsltDynMapFunction() |
Affected by 10 other vulnerabilities. |
|
VCID-jaep-1ut3-9qan
Aliases: CVE-2025-24855 |
libxslt: Use-After-Free in libxslt numbers.c |
Affected by 2 other vulnerabilities. |
|
VCID-krjm-wk6b-akgk
Aliases: CVE-2015-7995 |
security update |
Affected by 19 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-m4cf-2dcq-uyaj
Aliases: CVE-2016-1841 |
libxslt: Use after free in xsltDocumentFunctionLoadDocument |
Affected by 10 other vulnerabilities. |
|
VCID-nxyn-eknv-tqbf
Aliases: CVE-2021-30560 GHSA-59gp-qqm7-cw4j |
Use After Free Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 6 other vulnerabilities. |
|
VCID-sxp3-vtcq-pugw
Aliases: CVE-2019-18197 GHSA-242x-7cm6-4w8j |
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-tdt5-asvh-ryaa
Aliases: CVE-2019-11068 GHSA-qxcg-xjjg-66mj |
Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
Affected by 7 other vulnerabilities. |
|
VCID-txm2-sdc1-7uch
Aliases: CVE-2019-13117 GHSA-4hm9-844j-jmxp |
Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character. |
Affected by 7 other vulnerabilities. |
|
VCID-wdxa-4bjj-7fe5
Aliases: CVE-2023-40403 |
libxslt: Processing web content may disclose sensitive information |
Affected by 2 other vulnerabilities. |
|
VCID-yx1j-ja6q-1qaf
Aliases: CVE-2016-4738 |
Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code. |
Affected by 19 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-z7hh-qpzy-c7b2
Aliases: CVE-2024-55549 |
libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) |
Affected by 2 other vulnerabilities. |
|
VCID-zwzs-qztz-wbfj
Aliases: CVE-2019-5815 GHSA-vmfx-gcfq-wvm2 |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8a69-3km5-nfgs | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2011-1202
|
| VCID-e7am-z8tv-47hj | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-2893
|
| VCID-ht3y-d2qq-cyf2 | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-2870
|
| VCID-tp6g-d1wh-ffba | A vulnerability in libxslt could result in Denial of Service. |
CVE-2011-3970
|
| VCID-wksj-tx4y-cye7 | Uncontrolled Resource Consumption libxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. |
CVE-2012-2871
|
| VCID-yqpr-6kdc-hqbu | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-6139
|
| VCID-zkk5-v65p-zfag | Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. |
CVE-2012-2825
|