Vulnerabilities

CVE-2025-24855

by Fred · 14/03/2025

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Assigner : cve@mitre.org

More information : https://gitlab.gnome.org/GNOME/libxslt/-/issues/128

Similar

Tags: Cybersecurity Alert