| Package | libxslt |
|---|---|
| Version | 1.1.29-2.1+deb9u5 (stretch), 1.1.32-2.2~deb10u4 (buster) |
| Related CVEs | CVE-2023-40403 CVE-2025-7424 |
- CVE-2023-40403
-
It was discovered that the
generate-id()function could return deterministic values and could leak the memory layout of different XML objects, which might lead to information disclosure. - CVE-2025-7424
-
Ivan Fratric discovered a type confusion vulnerability in
xmlNode.psvibetween stylesheet and source nodes, which could lead to application crash.
For Debian 10 buster, these problems have been fixed in version 1.1.32-2.2~deb10u4.
For Debian 9 stretch, these problems have been fixed in version 1.1.29-2.1+deb9u5.
We recommend that you upgrade your libxslt packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.