Libxslt Security Vulnerabilities and Issues — Libxslt CVE List

Lucene search

XmlsoftLibxslt

24 matches found

CVE•added 2019/04/10 8:29 p.m.•473 views

CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

9.8CVSS9.4AI score0.01109EPSS

CVE•added 2019/10/18 9:15 p.m.•472 views

CVE-2019-18197

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be discl...

7.5CVSS7.6AI score0.01875EPSS

CVE•added 2021/08/03 7:15 p.m.•361 views

CVE-2021-30560

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.00092EPSS

CVE•added 2022/05/03 3:15 a.m.•354 views

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer ...

6.5CVSS6.8AI score0.00041EPSS

CVE•added 2019/07/01 2:15 a.m.•297 views

CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

5.3CVSS6.1AI score0.01193EPSS

CVE•added 2019/07/01 2:15 a.m.•249 views

CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

5.3CVSS5.9AI score0.05184EPSS

CVE•added 2019/12/11 1:15 a.m.•230 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

7.5CVSS8AI score0.00095EPSS

CVE•added 2017/04/24 11:59 p.m.•180 views

CVE-2017-5029

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bou...

8.8CVSS7.6AI score0.02655EPSS

CVE•added 2025/03/14 2:15 a.m.•124 views

CVE-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

7.8CVSS7.6AI score0.00005EPSS

CVE•added 2025/03/14 2:15 a.m.•122 views

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

7.8CVSS7.6AI score0.00006EPSS

CVE•added 2016/06/05 11:59 p.m.•110 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

7.5CVSS8.1AI score0.00532EPSS

CVE•added 2015/11/17 3:59 p.m.•105 views

CVE-2015-7995

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

5CVSS6.1AI score0.03037EPSS

CVE•added 2011/03/11 2:1 a.m.•95 views

CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT genera...

4.3CVSS7.1AI score0.00524EPSS

CVE•added 2016/06/05 11:59 p.m.•90 views

CVE-2016-1684

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document...

7.5CVSS8.2AI score0.0055EPSS

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/07/22 2:59 a.m.•86 views

CVE-2016-4610

9.8CVSS9.2AI score

CVE•added 2012/08/31 7:55 p.m.•84 views

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xs...

4.3CVSS6.6AI score0.00906EPSS

CVE•added 2017/04/05 9:59 p.m.•77 views

CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

5.3CVSS6.3AI score0.00984EPSS

CVE•added 2012/02/09 4:10 a.m.•72 views

CVE-2011-3970

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

4.3CVSS6.8AI score0.00374EPSS

CVE•added 2013/04/12 10:55 p.m.•72 views

CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

5CVSS8.9AI score0.04603EPSS

CVE•added 2016/07/22 2:59 a.m.•63 views

CVE-2016-4608

9.8CVSS9.2AI score

CVE•added 2016/07/22 2:59 a.m.•61 views

CVE-2016-4607

9.8CVSS9.2AI score

CVE•added 2013/12/14 8:55 p.m.•60 views

CVE-2013-4520

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

4.3CVSS7.2AI score0.01432EPSS

CVE•added 2008/08/01 2:41 p.m.•58 views

CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file con...

7.5CVSS7.2AI score0.20676EPSS