libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

[SECURITY] Fedora 40 Update: libxml2-2.12.10-1.fc40

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

...

CBL Mariner 2.0 Security Update: libxslt (CVE-2025-24855)

The version of libxslt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24855 advisory. - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath...

libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

Updated libxslt packages fix security vulnerabilities

xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...

MGASA-2025-0110 Updated libxslt packages fix security vulnerabilities

xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes CVE-2024-55549. numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValu...

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' via the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS action...

[SECURITY] Fedora 41 Update: libxml2-2.12.10-1.fc41

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

[SECURITY] Fedora 42 Update: libxml2-2.12.10-1.fc42

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

SUSE CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVE-2025-24855

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored. Mitigation Mitigation for this issue is either not available or...

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

ALPINE-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

AZL-58665 CVE-2025-24855 affecting package libxslt for versions less than 1.1.43-1

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

UBUNTU-CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free through the numbers.c component. An attacker can cause memory corruption or execute arbitrary code by exploiting nested XPath evaluations where an XPath context no...