Untriaged
Permalink
CVE-2025-7424
7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.
References
Affected products
rhcos
libxslt
- <1.1.44
Matching in nixpkgs
pkgs.python312Packages.libxslt
C library and tools to do XSL transformations
-
nixos-unstable -
- nixpkgs-unstable 1.1.43
pkgs.python313Packages.libxslt
C library and tools to do XSL transformations
-
nixos-unstable -
- nixpkgs-unstable 1.1.43
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>