VulnerableCode Package Details - pkg:deb/debian/libxslt@1.1.32-2.1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-96v6-vs1m-skf3	Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.	CVE-2019-13118 GHSA-cf46-6xxh-pc75
VCID-tdt5-asvh-ryaa	Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.	CVE-2019-11068 GHSA-qxcg-xjjg-66mj
VCID-txm2-sdc1-7uch	Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.	CVE-2019-13117 GHSA-4hm9-844j-jmxp

Vulnerability

Summary

Aliases

VCID-96v6-vs1m-skf3

Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.

CVE-2019-13118
GHSA-cf46-6xxh-pc75

VCID-tdt5-asvh-ryaa

Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

CVE-2019-11068
GHSA-qxcg-xjjg-66mj

VCID-txm2-sdc1-7uch

Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.

CVE-2019-13117
GHSA-4hm9-844j-jmxp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:02:11.442905+00:00	Debian Importer	Fixing	VCID-96v6-vs1m-skf3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:41:31.793637+00:00	Debian Importer	Fixing	VCID-tdt5-asvh-ryaa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:10:38.363417+00:00	Debian Importer	Fixing	VCID-txm2-sdc1-7uch	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:57:38.630989+00:00	Debian Importer	Fixing	VCID-96v6-vs1m-skf3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:58:03.269757+00:00	Debian Importer	Fixing	VCID-tdt5-asvh-ryaa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:50:17.789908+00:00	Debian Importer	Fixing	VCID-txm2-sdc1-7uch	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:30:11.030843+00:00	Debian Importer	Fixing	VCID-96v6-vs1m-skf3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:10.982090+00:00	Debian Importer	Fixing	VCID-txm2-sdc1-7uch	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:30:10.932641+00:00	Debian Importer	Fixing	VCID-tdt5-asvh-ryaa	https://security-tracker.debian.org/tracker/data/json	38.1.0