VulnerableCode Package Details - pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-azxc-qrv7-auge Aliases: CVE-2025-7424	A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.	1.1.35-2 Affected by 0 other vulnerabilities.
VCID-yx3x-vt76-13cu Aliases: CVE-2023-40403	The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.	1.1.35-2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-azxc-qrv7-auge
Aliases:
CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

1.1.35-2
Affected by 0 other vulnerabilities.

VCID-yx3x-vt76-13cu
Aliases:
CVE-2023-40403

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

1.1.35-2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-95x4-hka7-67eu	numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.	CVE-2025-24855
VCID-m7v6-g4x2-6ue4	xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.	CVE-2024-55549

Vulnerability

Summary

Aliases

VCID-95x4-hka7-67eu

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

CVE-2025-24855

VCID-m7v6-g4x2-6ue4

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

CVE-2024-55549

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-15T12:49:44.504139+00:00	Debian Importer	Affected by	VCID-yx3x-vt76-13cu	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-15T12:06:36.831750+00:00	Debian Importer	Affected by	VCID-azxc-qrv7-auge	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:37:29.220161+00:00	Debian Oval Importer	Fixing	VCID-95x4-hka7-67eu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:41:42.014761+00:00	Debian Oval Importer	Fixing	VCID-m7v6-g4x2-6ue4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0