Search for packages
| purl | pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie |
| Next non-vulnerable version | 1.1.34-4+deb11u2 |
| Latest non-vulnerable version | 1.1.43-0.3 |
| Risk | 2.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gz4b-hjbg-pyfz
Aliases: CVE-2025-10911 |
libxslt: use-after-free with key data stored cross-RVT |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-qpxw-q3mc-xfhz
Aliases: CVE-2025-11731 |
libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-28f2-6usv-zuc1 | libxslt: Out-of-bounds read at xmlGetLineNoInternal() |
CVE-2016-4609
|
| VCID-3f2w-tgya-x3cc | Upstream libxslt vulnerabilities The `xsltAddTextString` function in `transform.c` in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. |
CVE-2017-5029
GHSA-pf6m-fxpq-fg8v |
| VCID-5nuu-a7bc-jke4 | libxslt: stack-based buffer overflow at exsltDateFormat() |
CVE-2016-4608
|
| VCID-5uqv-dm9p-c7c6 | Improper Restriction of Operations within the Bounds of a Memory Buffer nokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. |
CVE-2016-1683
|
| VCID-6ss1-s8fx-vqd7 | Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-1684
|
| VCID-8a69-3km5-nfgs | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2011-1202
|
| VCID-96v6-vs1m-skf3 | Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data. |
CVE-2019-13118
GHSA-cf46-6xxh-pc75 |
| VCID-9jk3-t3bn-4fgg | A vulnerability was found in libxslt, possibly resulting in the execution of arbitrary code and Denial of Service. |
CVE-2008-1767
|
| VCID-aauj-xkdy-mbea | libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes |
CVE-2025-7424
|
| VCID-bg26-kj9r-7bea | libxslt: Invalid memory access leading to DoS at exsltDynMapFunction() |
CVE-2016-4610
|
| VCID-e7am-z8tv-47hj | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-2893
|
| VCID-ht3y-d2qq-cyf2 | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-2870
|
| VCID-j8sb-gqej-43bv | Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. |
CVE-2013-2902
|
| VCID-jaep-1ut3-9qan | libxslt: Use-After-Free in libxslt numbers.c |
CVE-2025-24855
|
| VCID-krjm-wk6b-akgk | security update |
CVE-2015-7995
|
| VCID-m4cf-2dcq-uyaj | libxslt: Use after free in xsltDocumentFunctionLoadDocument |
CVE-2016-1841
|
| VCID-nxyn-eknv-tqbf | Use After Free Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2021-30560
GHSA-59gp-qqm7-cw4j |
| VCID-qsfy-5zqh-eygw | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2013-4520
|
| VCID-sxp3-vtcq-pugw | Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue. |
CVE-2019-18197
GHSA-242x-7cm6-4w8j |
| VCID-tdt5-asvh-ryaa | Bypass of a protection mechanism in libxslt The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. |
CVE-2019-11068
GHSA-qxcg-xjjg-66mj |
| VCID-tp6g-d1wh-ffba | A vulnerability in libxslt could result in Denial of Service. |
CVE-2011-3970
|
| VCID-txm2-sdc1-7uch | Improper Input Validation In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character. |
CVE-2019-13117
GHSA-4hm9-844j-jmxp |
| VCID-uzdd-8m94-wubv | libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr |
CVE-2025-7425
|
| VCID-wdxa-4bjj-7fe5 | libxslt: Processing web content may disclose sensitive information |
CVE-2023-40403
|
| VCID-wksj-tx4y-cye7 | Uncontrolled Resource Consumption libxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. |
CVE-2012-2871
|
| VCID-x5dp-mdak-gker | libxslt is affected by a heap-based buffer overflow, possibly leading to the execution of arbitrary code. |
CVE-2008-2935
|
| VCID-yqpr-6kdc-hqbu | Multiple Denial of Service vulnerabilities have been found in libxslt. |
CVE-2012-6139
|
| VCID-yx1j-ja6q-1qaf | Multiple vulnerabilities were discovered in libxslt, the worst of which may allow a remote attacker to execute arbitrary code. |
CVE-2016-4738
|
| VCID-z7hh-qpzy-c7b2 | libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) |
CVE-2024-55549
|
| VCID-zkk5-v65p-zfag | Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. |
CVE-2012-2825
|
| VCID-zwzs-qztz-wbfj | Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. |
CVE-2019-5815
GHSA-vmfx-gcfq-wvm2 |