CVE-2024-55549: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

7.8 CVSS

Description

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Vendor: xmlsoft

Product: libxslt

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.3% (scored less or equal to compared to others)

EPSS Date: 2025-04-11 (when was this score calculated)

2025-03-14 01:40:20 UTC
CVE

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
2025-04-01 10:15:23 UTC
Tenable Plugins

Fedora 40 : mingw-libxslt (2025-f7a12118f3)
2025-04-01 10:15:23 UTC
Tenable Plugins

Fedora 41 : mingw-libxslt (2025-fd62ac3fb1)
2025-04-14 06:00:46 UTC
Tenable Plugins

RHEL 9 : libxslt (RHSA-2025:3614)
2025-04-14 06:00:47 UTC
Tenable Plugins

RHEL 9 : libxslt (RHSA-2025:3613)
2025-04-17 11:30:41 UTC
Tenable Plugins

Amazon Linux 2 : libxslt (ALAS-2025-2823)