Xmlsoft Libxslt
21 CVEs affecting Xmlsoft Libxslt. Latest disclosed: 2025-07-10. Critical: 5, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-11068 | Critical | 9.8 | 2019-04-10 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error… |
| CVE-2016-4610 | Critical | 9.8 | 2016-07-22 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before… |
| CVE-2016-4609 | Critical | 9.8 | 2016-07-22 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before… |
| CVE-2016-4608 | Critical | 9.8 | 2016-07-22 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before… |
| CVE-2016-4607 | Critical | 9.8 | 2016-07-22 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before… |
| CVE-2017-5029 | High | 8.8 | 2017-04-24 | The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2… |
| CVE-2025-24855 | High | 7.8 | 2025-03-14 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is… |
| CVE-2024-55549 | High | 7.8 | 2025-03-14 | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. |
| CVE-2025-7424 | High | 7.5 | 2025-07-10 | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML t… |
| CVE-2019-18197 | High | 7.5 | 2019-10-18 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed… |
| CVE-2016-1684 | High | 7.5 | 2016-06-05 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attack… |
| CVE-2016-1683 | High | 7.5 | 2016-06-05 | numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial o… |
| CVE-2019-13118 | Medium | 5.3 | 2019-07-01 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination coul… |
| CVE-2019-13117 | Medium | 5.3 | 2019-07-01 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow… |
| CVE-2015-9019 | Medium | 5.3 | 2017-04-05 | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function t… |
| CVE-2015-7995 | | | 2015-11-17 | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of se… |
| CVE-2013-4520 | | | 2013-12-14 | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a stru… |
| CVE-2012-6139 | | | 2013-04-12 | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key t… |
| CVE-2012-2870 | | | 2012-08-31 | libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial… |
| CVE-2011-3970 | | | 2012-02-09 | libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |