Shodan
Vulnerabilities
Vulnerable Software
Xmlsoft:  >> Libxslt  >> 1.1.29  Security Vulnerabilities
CVE-2024-55549
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-14
CVE-2025-24855
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-03-14
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-05-03
CVE-2021-30560
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-03
CVE-2019-5815
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-12-11
CVE-2019-11068
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-04-10
CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.024
Published
2017-04-24
CVE-2015-9019
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
CVSS Score
5.3
EPSS Score
0.01
Published
2017-04-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved