FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxslt -- multiple vulnerabilities

Affected packages
libxslt < 1.1.43

Details

VuXML ID a96cd659-303e-11f0-94b5-54ee755069b5
Discovery 2025-03-13
Entry 2025-05-13

[CVE-2024-55549] Fix UAF related to excluded namespaces

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

[CVE-2025-24855] Fix use-after-free of XPath context node

numbers.c in libxslt before 1.1.43 has a use-after-free because , in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

References

CVE Name CVE-2024-55549
CVE Name CVE-2025-24855
URL https://nvd.nist.gov/vuln/detail/CVE-2024-55549
URL https://nvd.nist.gov/vuln/detail/CVE-2025-24855