Latest xmlsoft libxslt Vulnerabilities

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation r...
redhat/libxml2<0:2.9.7-13.el8_6.1
redhat/libxml2<0:2.9.13-1.el9_0.1
debian/libxml2<=2.9.10+dfsg-6.7<=2.9.10+dfsg-6.7+deb11u1<=2.9.4+dfsg1-7+deb10u3<=2.9.13+dfsg-1<=2.9.4+dfsg1-7
debian/libxml2
redhat/libxml2<2.9.14
Xmlsoft Libxml2<2.9.14
and 27 more
Use after free in Blink XSLT
rubygems/nokogiri<1.13.2
debian/chromium<=90.0.4430.212-1~deb10u1
debian/libxslt<=1.1.32-2.2~deb10u1
Google Chrome<91.0.4472.164
Xmlsoft Libxslt<1.1.35
Debian Debian Linux=10.0
and 5 more
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
Xmlsoft Libxslt<1.1.33
Debian Debian Linux=10.0
debian/chromium
debian/libxslt<=1.1.32-2.2~deb10u1
A vulnerability was found in xsltCopyText in transform.c in libxslt 1.1.33: a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a ...
=1.1.33
=12.04
=14.04
=16.04
=18.04
and 19 more
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on...
debian/libxslt
ubuntu/libxslt<1.1.29-5ubuntu0.2
ubuntu/libxslt<1.1.32-2ubuntu0.2
ubuntu/libxslt<1.1.28-2ubuntu0.2+
ubuntu/libxslt<1.1.28-2.1ubuntu0.3
Xmlsoft Libxslt=1.1.33
and 10 more
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, l...
Apple iTunes for Windows<12.9.6
Apple iCloud for Windows<7.13
Apple iCloud for Windows<10.6
Apple watchOS<5.3
Apple macOS Mojave<10.14.6
Apple High Sierra
and 45 more
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a ...
ubuntu/libxslt<1.1.28-2ubuntu0.2
ubuntu/libxslt<1.1.28-2.1ubuntu0.2
ubuntu/libxslt<1.1.29-5ubuntu0.1
ubuntu/libxslt<1.1.32-2ubuntu0.1
debian/libxslt
Xmlsoft Libxslt<=1.1.33
and 30 more

© 2024 SecAlerts Pty Ltd.