| purl | pkg:rpm/redhat/libxslt@1.1.32-5?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-sxp3-vtcq-pugw<br>Aliases: CVE-2019-18197, GHSA-242x-7cm6-4w8j | Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability. In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue. | There are no reported fixed by versions. |
| VCID-tdt5-asvh-ryaa<br>Aliases: CVE-2019-11068, GHSA-qxcg-xjjg-66mj | Bypass of a protection mechanism in libxslt. The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:20:17.533805+00:00 | RedHat Importer | Affected by | VCID-tdt5-asvh-ryaa | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json | 38.0.0 |
| 2026-04-01T14:15:24.455307+00:00 | RedHat Importer | Affected by | VCID-sxp3-vtcq-pugw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json | 38.0.0 |