Search for packages
| purl | pkg:deb/debian/libxslt@1.1.32-2.2~deb10u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-aauj-xkdy-mbea
Aliases: CVE-2025-7424 |
libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes |
Affected by 2 other vulnerabilities. |
|
VCID-jaep-1ut3-9qan
Aliases: CVE-2025-24855 |
libxslt: Use-After-Free in libxslt numbers.c |
Affected by 2 other vulnerabilities. |
|
VCID-nxyn-eknv-tqbf
Aliases: CVE-2021-30560 GHSA-59gp-qqm7-cw4j |
Use After Free Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 6 other vulnerabilities. |
|
VCID-sxp3-vtcq-pugw
Aliases: CVE-2019-18197 GHSA-242x-7cm6-4w8j |
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-wdxa-4bjj-7fe5
Aliases: CVE-2023-40403 |
libxslt: Processing web content may disclose sensitive information |
Affected by 2 other vulnerabilities. |
|
VCID-z7hh-qpzy-c7b2
Aliases: CVE-2024-55549 |
libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) |
Affected by 2 other vulnerabilities. |
|
VCID-zwzs-qztz-wbfj
Aliases: CVE-2019-5815 GHSA-vmfx-gcfq-wvm2 |
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-96v6-vs1m-skf3 | Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data. |
CVE-2019-13118
GHSA-cf46-6xxh-pc75 |
| VCID-tdt5-asvh-ryaa | Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
CVE-2019-11068
GHSA-qxcg-xjjg-66mj |
| VCID-txm2-sdc1-7uch | Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character. |
CVE-2019-13117
GHSA-4hm9-844j-jmxp |