Description
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Problem types
Product status
Any version
0:1.1.39-8.el10_2.1 (rpm) before *
0:1.1.32-6.4.el8_10 (rpm) before *
0:1.1.32-6.4.el8_10 (rpm) before *
0:1.1.34-14.el9_8.1 (rpm) before *
1.1.45-0.1.hum1 (rpm) before *
Timeline
| 2025-09-24: | Reported to Red Hat. |
| 2025-08-04: | Made public. |
References
access.redhat.com/errata/RHSA-2026:11015 (RHSA-2026:11015)
access.redhat.com/errata/RHSA-2026:26355 (RHSA-2026:26355)
access.redhat.com/errata/RHSA-2026:28243 (RHSA-2026:28243)
access.redhat.com/errata/RHSA-2026:28584 (RHSA-2026:28584)
access.redhat.com/security/cve/CVE-2025-10911
bugzilla.redhat.com/show_bug.cgi?id=2397838 (RHBZ#2397838)
gitlab.gnome.org/GNOME/libxslt/-/issues/144
gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77