Search for packages
| purl | pkg:deb/debian/libxslt@1.1.29-2.1%2Bdeb9u2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-96v6-vs1m-skf3
Aliases: CVE-2019-13118 GHSA-cf46-6xxh-pc75 |
Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data. |
Affected by 7 other vulnerabilities. |
|
VCID-aauj-xkdy-mbea
Aliases: CVE-2025-7424 |
libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes |
Affected by 2 other vulnerabilities. |
|
VCID-jaep-1ut3-9qan
Aliases: CVE-2025-24855 |
libxslt: Use-After-Free in libxslt numbers.c |
Affected by 2 other vulnerabilities. |
|
VCID-nxyn-eknv-tqbf
Aliases: CVE-2021-30560 GHSA-59gp-qqm7-cw4j |
Use After Free Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 6 other vulnerabilities. |
|
VCID-sxp3-vtcq-pugw
Aliases: CVE-2019-18197 GHSA-242x-7cm6-4w8j |
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-tdt5-asvh-ryaa
Aliases: CVE-2019-11068 GHSA-qxcg-xjjg-66mj |
Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
Affected by 7 other vulnerabilities. |
|
VCID-txm2-sdc1-7uch
Aliases: CVE-2019-13117 GHSA-4hm9-844j-jmxp |
Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character. |
Affected by 7 other vulnerabilities. |
|
VCID-wdxa-4bjj-7fe5
Aliases: CVE-2023-40403 |
libxslt: Processing web content may disclose sensitive information |
Affected by 2 other vulnerabilities. |
|
VCID-z7hh-qpzy-c7b2
Aliases: CVE-2024-55549 |
libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) |
Affected by 2 other vulnerabilities. |
|
VCID-zwzs-qztz-wbfj
Aliases: CVE-2019-5815 GHSA-vmfx-gcfq-wvm2 |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-28f2-6usv-zuc1 | libxslt: Out-of-bounds read at xmlGetLineNoInternal() |
CVE-2016-4609
|
| VCID-3f2w-tgya-x3cc | Upstream libxslt vulnerabilities The `xsltAddTextString` function in `transform.c` in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. |
CVE-2017-5029
GHSA-pf6m-fxpq-fg8v |
| VCID-5nuu-a7bc-jke4 | libxslt: stack-based buffer overflow at exsltDateFormat() |
CVE-2016-4608
|
| VCID-5uqv-dm9p-c7c6 | Improper Restriction of Operations within the Bounds of a Memory Buffer nokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. |
CVE-2016-1683
|
| VCID-6ss1-s8fx-vqd7 | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-1684
|
| VCID-bg26-kj9r-7bea | libxslt: Invalid memory access leading to DoS at exsltDynMapFunction() |
CVE-2016-4610
|
| VCID-krjm-wk6b-akgk | security update |
CVE-2015-7995
|
| VCID-m4cf-2dcq-uyaj | libxslt: Use after free in xsltDocumentFunctionLoadDocument |
CVE-2016-1841
|
| VCID-yx1j-ja6q-1qaf | Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code. |
CVE-2016-4738
|