NIXPKGS-2026-0035

published on 18 Jan 2026

Permalink CVE-2025-11731

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 3 months ago
@LeSuisse removed
2 packages
- python312Packages.libxslt
- python313Packages.libxslt
1 month ago
@LeSuisse removed maintainer @jtojnar 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Affected products

rhcos

libxslt

<1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

nixos-unstable 1.1.43
- nixpkgs-unstable 1.1.43
- nixos-unstable-small 1.1.43

Package maintainers

Ignored maintainers (1)

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0035

Affected products

Matching in nixpkgs

pkgs.libxslt

Package maintainers