CVE-2025-24855

Name: CVE-2025-24855
Description: numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
NVD severity: medium
Forges: GitHub (code, issues), Aports (code, issues)

References

Type           | URI
cve@mitre.org  | https://gitlab.gnome.org/GNOME/libxslt/-/issues/128

Match rules

CPE URI | Source package | Min version | Max version
        | libxslt        | >= 0        | < 1.1.43

Vulnerable and fixed packages

Source package  | Branch         | Version     | Maintainer                              | Status
libxslt         | edge-main      | 1.1.43-r0   | Natanael Copa <ncopa@alpinelinux.org>   | fixed
libxslt         | 3.21-main      | 1.1.42-r2   | Natanael Copa <ncopa@alpinelinux.org>   | fixed
libxslt         | 3.20-main      | 1.1.39-r2   | Natanael Copa <ncopa@alpinelinux.org>   | fixed
libxslt         | 3.19-main      | 1.1.39-r1   | Natanael Copa <ncopa@alpinelinux.org>   | fixed
libxslt         | 3.18-main      | 1.1.38-r1   | Natanael Copa <ncopa@alpinelinux.org>   | fixed
libxslt         | edge-main      | 1.1.42-r1   | Natanael Copa <ncopa@alpinelinux.org>   | possibly vulnerable
qt5-qtwebengine | edge-community | 5.15.17-r10 | Bart Ribbers <bribbers@disroot.org>     | fixed
qt5-qtwebengine | 3.21-community | 5.15.17-r7  | Bart Ribbers <bribbers@disroot.org>     | fixed
qt6-qtwebengine | edge-community | 6.8.2-r3    | Bart Ribbers <bribbers@disroot.org>     | fixed