Updated: 2025-08-20 03:17:39.032686
Description:
A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When the processing of XSLT functions, such as key(), results in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
| Links | NIST | CIRCL | RHEL | Ubuntu |

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 7.8 | HIGH | Released | CLSA-2025:1754649907 | 2025-08-09 01:42:08 | |
| Alpine Linux 3.18 ELS | libxml2 | 2.11.8 | 7.8 | HIGH | Released | CLSA-2025:1765548935 | 2025-12-12 17:36:56 | |
| CentOS 6 ELS | libxml2 | 2.7.6 | 7.8 | HIGH | Not Vulnerable | | 2025-09-30 05:36:53 | |
| CentOS 7 ELS | libxml2 | 2.9.1 | 7.8 | HIGH | Released | CLSA-2025:1757427923 | 2025-09-24 17:03:05 | |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 7.8 | HIGH | Released | CLSA-2025:1754552473 | 2025-08-08 01:58:52 | |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 7.8 | HIGH | Released | CLSA-2025:1754554806 | 2025-08-08 01:58:51 | |
| CentOS Stream 8 ELS | libxml2 | 2.9.7 | 7.8 | HIGH | Released | CLSA-2025:1754552192 | 2025-08-08 01:58:53 | |
| CloudLinux 7 ELS | libxml2 | 2.9.1 | 7.8 | HIGH | Released | CLSA-2025:1757428021 | 2025-09-23 18:40:16 | |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 7.8 | HIGH | Not Vulnerable | | 2025-09-30 05:36:55 | |
| Oracle Linux 7 ELS | libxml2 | 2.9.1 | 7.8 | HIGH | Released | CLSA-2025:1757415450 | 2025-09-09 15:28:07 | |