CVE-2025-7424

High CVSS: 7.5

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Vendor

Xmlsoft

Product

Libxslt

CWE

CWE-843

Yayın Tarihi

2025-07-10 14:15:27

Güncelleme

2026-03-23 18:16:24

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-843 Libxslt HIGH Xmlsoft 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-7424 https://bugzilla.redhat.com/show_bug.cgi?id=2379228 https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 http://seclists.org/fulldisclosure/2025/Aug/0 http://seclists.org/fulldisclosure/2025/Jul/30 http://seclists.org/fulldisclosure/2025/Jul/32 http://seclists.org/fulldisclosure/2025/Jul/33 http://seclists.org/fulldisclosure/2025/Jul/35 http://seclists.org/fulldisclosure/2025/Jul/37 http://www.openwall.com/lists/oss-security/2025/07/11/2 https://lists.debian.org/debian-lts-announce/2025/09/msg00024.html

Benzer Kayıtlar

Medium

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to caus…

High

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a…

Low

CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer un…

Medium

CVE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindi…

High

CVE-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

High

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can…