Updated: 2025-08-20 03:17:39.032686
Description:
A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.8 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | libxml2 | 2.9.1 | 7.8 | HIGH | Released | CLSA-2025:1757413554 | 2025-09-09 10:44:58 | |
| Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 7.8 | HIGH | Released | CLSA-2025:1758228293 | 2025-09-19 09:16:57 | |
| Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 7.8 | HIGH | Released | CLSA-2025:1758292868 | 2025-09-19 16:13:47 | |
| Ubuntu 20.04 ELS | libxml2 | 2.9.10 | 7.8 | HIGH | Released | CLSA-2025:1758228035 | 2025-09-19 09:16:53 | |