Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: libxslt

Found 4 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2025-11731
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 2 months, 3 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 4 months, 2 weeks ago
  • @LeSuisse removed package python312Packages.libxslt 2 months, 3 weeks ago
  • @LeSuisse removed package python313Packages.libxslt 2 months, 3 weeks ago
  • @LeSuisse removed maintainer @jtojnar 2 months, 3 weeks ago
  • @LeSuisse accepted 2 months, 3 weeks ago
  • @LeSuisse published on GitHub 2 months, 3 weeks ago
Libxslt: type confusion in exsltfuncresultcompfunction of libxslt

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.

Affected products

rhcos
libxslt
  • <1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

Package maintainers

Ignored maintainers (1)
Untriaged
Permalink CVE-2025-10911
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 4 months, 2 weeks ago
Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Affected products

rhcos
libxslt
  • =<1.1.43

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

Package maintainers

Untriaged
Permalink CVE-2025-7425
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

References

Affected products

rhcos
  • *
libxml2
  • *
  • <2.15.2
libxslt
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
discovery/discovery-server-rhel9
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
openshift-serverless-1/logic-rhel8-operator
  • *
openshift-serverless-1/logic-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
compliance/openshift-compliance-rhel8-operator
  • *
openshift-serverless-1/logic-swf-builder-rhel8
  • *
openshift-serverless-1/logic-swf-devmode-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
compliance/openshift-compliance-must-gather-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
openshift-serverless-1/logic-db-migrator-tool-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-serverless-1/logic-management-console-rhel8
  • *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
openshift-serverless-1/logic-data-index-postgresql-rhel8
  • *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
  • *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
  • *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2025-7424
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

References

Affected products

rhcos
libxslt
  • <1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

Package maintainers