CVE-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
mitreCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
xmlsoftlibxslt
𝑥
< 1.1.43
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxslt
bullseye
vulnerable
bullseye (security)
1.1.34-4+deb11u3
fixed
bookworm
1.1.35-1+deb12u2
fixed
bookworm (security)
1.1.35-1+deb12u3
fixed
trixie (security)
1.1.35-1.2+deb13u2
fixed
trixie
1.1.35-1.2+deb13u2
fixed
forky
1.1.43-0.3
fixed
sid
1.1.43-0.3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxslt
plucky
Fixed 1.1.39-0exp1ubuntu3
released
oracular
Fixed 1.1.39-0exp1ubuntu1.1
released
noble
Fixed 1.1.39-0exp1ubuntu0.24.04.1
released
jammy
Fixed 1.1.34-4ubuntu0.22.04.2
released
focal
Fixed 1.1.34-4ubuntu0.20.04.2
released
bionic
Fixed 1.1.29-5ubuntu0.3+esm2
released
xenial
Fixed 1.1.28-2.1ubuntu0.3+esm3
released
trusty
Fixed 1.1.28-2ubuntu0.2+esm4
released
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html