Nixpkgs security tracker

Untriaged

Permalink CVE-2025-10911

5.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 6 months ago Activity log

Created suggestion 6 months ago

Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

References

https://access.redhat.com/security/cve/CVE-2025-10911 vdb-entryx_refsource_REDHAT
RHBZ#2397838 issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77

Affected products

rhcos

libxslt

=<1.1.43

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

nixos-unstable 1.1.43
- nixpkgs-unstable 1.1.43
- nixos-unstable-small 1.1.43

pkgs.python312Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable 1.1.43
- nixpkgs-unstable 1.1.43
- nixos-unstable-small 1.1.43

pkgs.python313Packages.libxslt

C library and tools to do XSL transformations

nixos-unstable 1.1.43
- nixpkgs-unstable 1.1.43
- nixos-unstable-small 1.1.43

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libxslt

pkgs.python312Packages.libxslt

pkgs.python313Packages.libxslt

Package maintainers