PT-2025-11225 · Libxslt+12 · Libxslt+12

Published

2024-12-03

·

Updated

2026-05-08

·

CVE-2024-55549

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libxslt versions prior to 1.1.43 libxslt versions 1.1.34-4ubuntu0.20.04.2 libxslt versions 1.1.35-1+deb12u1
Description libxslt is a library used for transforming XML files into other formats using XSLT. A use-after-free issue exists in the xsltGetInheritedNsList function in libxslt versions prior to 1.1.43. This flaw could allow an attacker to potentially execute arbitrary code or cause a denial of service by providing a specially crafted XML file. The vulnerability is also present in versions 1.1.34-4ubuntu0.20.04.2 and has been addressed in version 1.1.35-1+deb12u1.
Recommendations Upgrade to libxslt version 1.1.43 or later. Upgrade to libxslt version 1.1.35-1+deb12u1. Upgrade to libxslt version 1.1.34-4ubuntu0.20.04.2.

Fix

Use After Free

Weakness Enumeration

CWE-1395CWE-416

Related Identifiers

ALSA-2025:3615
ALSA-2025:4025
ALSA-2025:7410
ALSA-2025:7496
ALT-PU-2025-13573
AZL-58635
AZL-58680
BDU:2025-03641
BIT-JAVA-2024-55549
BIT-JAVA-MIN-2024-55549
BIT-JRE-2024-55549
CESA-2025_3615
CVE-2024-55549
DLA-4089-1
DSA-5884-1
GHSA-MRXW-MXHJ-P664
INFSA-2025_3615
INFSA-2025_4025
INFSA-2025_7410
MGASA-2025-0110
OESA-2025-1296
OPENSUSE-SU-2025:14894-1
OPENSUSE-SU-2025:15531-1
OPENSUSE-SU-2025_1003-1
OPENSUSE-SU-2025_1125-1
RHSA-2025:3612
RHSA-2025:3613
RHSA-2025:3614
RHSA-2025:3615
RHSA-2025:3619
RHSA-2025:3624
RHSA-2025:3625
RHSA-2025:3626
RHSA-2025:3627
RHSA-2025:4025
RHSA-2025:4098
RHSA-2025:7410
RHSA-2025:7496
RHSA-2025_3615
RHSA-2025_4025
RHSA-2025_7410
ROSA-SA-2025-2869
SUSE-SU-2025:1003-1
SUSE-SU-2025:1125-1
SUSE-SU-2025:1494-1
SUSE-SU-2025:20201-1
SUSE-SU-2025:20277-1
SUSE-SU-2025_1494-1
USN-7357-1
USN-7787-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libxslt