xmlsoft

libxslt

10 known vulnerabilities · sorted by CVSS score

CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

xmlsoft / libxslt+30

Network

Published Apr 10, 2019

CVE-2021-30560

HIGH8.8

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

google / chrome+6

Network

Published Aug 3, 2021

CVE-2024-55549

HIGH7.8

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

xmlsoft / libxslt

Local

Published Mar 14, 2025

CVE-2025-24855

HIGH7.8

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

xmlsoft / libxslt

Local

Published Mar 14, 2025

CVE-2025-7424

HIGH7.5

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

xmlsoft / libxslt+6

Network

Published Jul 10, 2025

CVE-2019-18197

HIGH7.5

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

xmlsoft / libxslt+7

Network

Published Oct 18, 2019

CVE-2019-5815

HIGH7.5

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

xmlsoft / libxslt+1

Network

Published Dec 11, 2019

CVE-2022-29824

MEDIUM6.5

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

xmlsoft / libxml2+22

Network

Published May 3, 2022

CVE-2019-13118

MEDIUM5.3

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

xmlsoft / libxslt+36

Network

Published Jul 1, 2019

CVE-2019-13117

MEDIUM5.3

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

xmlsoft / libxslt+10

Network

Published Jul 1, 2019