Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: python313Packages.libxslt

Found 3 matching suggestions

Untriaged
Permalink CVE-2025-10911
created 3 months ago
Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

Affected products

rhcos
libxslt
  • =<1.1.43

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-7425
created 5 months ago
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Affected products

rhcos
  • *
libxml2
  • <2.15.2
  • *
libxslt
rhosdt/jaeger-agent-rhel8
  • *
rhosdt/jaeger-query-rhel8
  • *
rhosdt/jaeger-ingester-rhel8
  • *
rhosdt/jaeger-rhel8-operator
  • *
rhosdt/jaeger-collector-rhel8
  • *
rhosdt/jaeger-operator-bundle
  • *
rhosdt/jaeger-all-in-one-rhel8
  • *
rhosdt/jaeger-es-rollover-rhel8
  • *
discovery/discovery-server-rhel9
  • *
rhosdt/jaeger-es-index-cleaner-rhel8
  • *
web-terminal/web-terminal-tooling-rhel9
  • *
cert-manager/jetstack-cert-manager-rhel9
  • *
web-terminal/web-terminal-rhel9-operator
  • *
openshift-serverless-1/logic-rhel8-operator
  • *
openshift-serverless-1/logic-operator-bundle
  • *
registry.redhat.io/rhosdt/jaeger-agent-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-query-rhel8
  • *
insights-proxy/insights-proxy-container-rhel9
  • *
compliance/openshift-compliance-openscap-rhel8
  • *
compliance/openshift-compliance-rhel8-operator
  • *
openshift-serverless-1/logic-swf-builder-rhel8
  • *
openshift-serverless-1/logic-swf-devmode-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-ingester-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-collector-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-operator-bundle
  • *
compliance/openshift-compliance-must-gather-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8
  • *
compliance/openshift-file-integrity-rhel8-operator
  • *
registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8
  • *
openshift-serverless-1/logic-db-migrator-tool-rhel8
  • *
registry.redhat.io/discovery/discovery-server-rhel9
  • *
openshift-serverless-1/logic-management-console-rhel8
  • *
openshift-serverless-1/logic-data-index-ephemeral-rhel8
  • *
registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8
  • *
openshift-serverless-1/logic-data-index-postgresql-rhel8
  • *
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8
  • *
openshift-serverless-1/logic-jobs-service-postgresql-rhel8
  • *
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8
  • *
registry.redhat.io/insights-proxy/insights-proxy-container-rhel9
  • *

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

Package maintainers

Untriaged
Permalink CVE-2025-7424
created 5 months ago
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Affected products

rhcos
libxslt
  • <1.1.44

Matching in nixpkgs

pkgs.libxslt

C library and tools to do XSL transformations

  • nixos-unstable -

Package maintainers