VulnerableCode Package Details - pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-95x4-hka7-67eu	numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.	CVE-2025-24855
VCID-azxc-qrv7-auge	A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.	CVE-2025-7424
VCID-m7v6-g4x2-6ue4	xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.	CVE-2024-55549
VCID-yx3x-vt76-13cu	The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.	CVE-2023-40403

Vulnerability

Summary

Aliases

VCID-95x4-hka7-67eu

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CVE-2025-24855

VCID-azxc-qrv7-auge

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVE-2025-7424

VCID-m7v6-g4x2-6ue4

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

CVE-2024-55549

VCID-yx3x-vt76-13cu

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

CVE-2023-40403

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-09-09T22:14:26.695952+00:00	Debian Oval Importer	Fixing	VCID-95x4-hka7-67eu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T21:05:42.475412+00:00	Debian Importer	Fixing	VCID-yx3x-vt76-13cu	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T20:59:36.132807+00:00	Debian Oval Importer	Fixing	VCID-m7v6-g4x2-6ue4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T19:57:10.691896+00:00	Debian Importer	Fixing	VCID-azxc-qrv7-auge	https://security-tracker.debian.org/tracker/data/json	37.0.0