25 matches found
CVE-2019-11068
CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...
CVE-2019-18197
CVE-2019-18197 affects libxslt 1.1.33: in xsltCopyText (transform.c) a pointer variable isn’t reset under certain circumstances, and if the memory area freed and reused in a specific way, a bounds check could fail and memory outside a buffer could be written to or uninitialized data disclosed. Mu...
CVE-2022-29824
Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...
CVE-2021-30560
CVE-2021-30560 is a use-after-free vulnerability in the Blink XSLT component of the Chromium/Google Chrome rendering engine prior to version 91.0.4472.164. The documented impact is potential heap corruption/execution of arbitrary code via a crafted HTML page. Connected advisories consistently ref...
CVE-2019-13118
CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...
CVE-2019-13117
This CVE affects libxslt 1.1.33 (numbers.c): an xsl:number with certain format strings can trigger an uninitialized read in xsltNumberFormatInsertNumbers, potentially allowing an attacker to discern whether a stack byte is one of several characters (e.g., A, a, I, i, 0, etc.). Connected documents...
CVE-2019-5815
CVE-2019-5815 describes a type confusion in libxslt’s xsltNumberFormatGetMultipleLevel causing heap corruption when processing crafted XML data. Connected advisories (Debian DLA, Debian security tracker, Cloud Foundry USN, etc.) confirm libxslt as the affected component and indicate that fixes ex...
CVE-2024-55549
CVE-2024-55549 affects libxslt prior to 1.1.43, with a use-after-free in xsltGetInheritedNsList (exclusion of result prefixes). Multiple advisories (e.g., ALAS/AL2, ALSA, Astra Linux, CBL-Mariner) confirm the issue and list libxslt as vulnerable in affected packages before 1.1.43. The connected d...
CVE-2025-24855
CVE-2025-24855 affects libxslt, specifically numbers.c, where a use-after-free can occur during nested XPath evaluations if the XPath context node is modified but not restored. The issue is documented as a Use-After-Free in numbers.c and is connected to related code paths xsltNumberFormatGetValue...
CVE-2017-5029
CVE-2017-5029 affects libxslt 1.1.29 and is used by Blink/Chrome. The issue is an integer overflow in xsltAddTextString during a size calculation, enabling a remote attacker to cause an out-of-bounds memory write via a crafted HTML page. Connected records corroborate the libxslt involvement and i...
CVE-2011-1202
The CVE-2011-1202 issue affects libxslt 1.1.26 and earlier, where xsltGenerateIdFunction could leak heap addresses via an XSLT generate-id call (affects Chrome before 10.0.648.127 and other products). Impact: potential disclosure of memory addresses; no explicit exploitation details provided. Roo...
CVE-2016-1683
CVE-2016-1683 affects libxslt prior to 1.1.29, as used in Google Chrome before 51.0.2704.63. The issue arises from numbers.c in libxslt, where namespace nodes are mishandled, enabling a remote attacker to trigger out-of-bounds heap memory access and cause a denial of service (with potential unspe...
CVE-2015-7995
CVE-2015-7995 affects libxslt and is described as a type confusion in the xsltStylePreCompute() function that could lead to a denial of service when processing crafted XML. Public documents corroborate libxslt involvement across vendors (e.g., Debian security advisories cite this CVE with fixes i...
CVE-2016-1684
CVE-2016-1684 is a libxslt vulnerability listed in Apple advisories and related OS X/iOS updates. Connected documents indicate libxslt multiple memory corruption issues were addressed (no explicit root-cause or fix version provided in the sources). Affected products include libxslt in Apple platf...
CVE-2016-4610
CVE-2016-4610 affects libxslt in multiple Apple platforms: iOS (pre-9.3.3), OS X (pre-10.11.6), iTunes (pre-12.4.2 on Windows), iCloud (pre-5.2.1 on Windows), tvOS (pre-9.2.2), and watchOS (pre-2.2.2). The vulnerability allows remote attackers to cause a denial of service through memory corruptio...
CVE-2016-4609
CVE-2016-4609 affects libxslt across Apple platforms: iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 on Windows, iCloud prior to 5.2.1 on Windows, tvOS prior to 9.2.2, and watchOS prior to 2.2.2. The vulnerability allows remote attackers to cause a denial of service via memory ...
CVE-2012-2870
CVE-2012-2870 affects libxslt 1.1.26 and earlier (as used in Google Chrome up to 21.0.1180.89). Root cause: memory management bugs in libxslt, specifically in xsltCompileLocationPathPattern (pattern.c) and xsltGenerateIdFunction (functions.c). Impact: remote attackers could trigger a denial of se...
CVE-2015-9019
CVE-2015-9019 affects libxslt 1.1.29 and earlier, where the EXSLT math.random function is not initialized with a random seed at startup, which could cause predictable outputs. The Connected Documents confirm this CVE entry and describe the root cause (missing random seed) and the affected version...
CVE-2011-3970
CVE-2011-3970 affects libxslt as used in Google Chrome prior to 17.0.963.46, enabling a remote attacker to cause a denial of service via an out-of-bounds read (vectors not specified in the entry). The issue has been addressed in downstream advisories and Chrome updates; Chrome/SUSE/Fedora advisor...
CVE-2012-6139
CVE-2012-6139 affects libxslt up to version 1.1.27 (before 1.1.28). The vulnerability allows a remote attacker to cause a denial of service (NULL pointer dereference and crash) via: (1) an empty match attribute in a XSL key to the xsltAddKey function in keys.c, and (2) an uninitialized variable t...
CVE-2008-2935
CVE-2008-2935 affects libxslt 1.1.8–1.1.24 via heap-based buffer overflows in the RC4 S-Box code in libexslt (exsltCryptoRc4EncryptFunction/exsltCryptoRc4DecryptFunction). An XML stylesheet containing a long string as an argument in the XSL input could allow a context-dependent attacker to execut...
CVE-2016-4607
CVE-2016-4607 affects libxslt and impacts multiple Apple platforms: iOS before 9.3.3; OS X before 10.11.6; iTunes before 12.4.2 on Windows; iCloud before 5.2.1 on Windows; tvOS before 9.2.2; watchOS before 2.2.2. The issue allows remote attackers to cause memory corruption and potential denial of...
CVE-2016-4608
CVE-2016-4608 affects libxslt across Apple iOS (before 9.3.3), OS X (before 10.11.6), iTunes (before 12.4.2 on Windows), iCloud (before 5.2.1 on Windows), tvOS (before 9.2.2) and watchOS (before 2.2.2). The vulnerability permits remote memory corruption leading to denial of service and possibly o...
CVE-2013-4520
CVE-2013-4520 affects the libxslt XSLT library. The vulnerability is in xslt.c for versions before 1.1.25, where a stylesheet embedding a DTD can cause a structure to be accessed as a different type, enabling a context-dependent Denial of Service (crash). The issue is noted as a consequence of an...
CVE-2025-7424
The CVE-2025-7424 issue is a type-confusion vulnerability in libxslt (xmlNode.psvi) that mixes the same memory field for stylesheet and input nodes, potentially crashing the application or corrupting memory. Connected advisories show affected libxslt versions (e.g., < 1.1.34-10 in some Mariner...