DevGuard Logo

🛡️ DevGuard
Group
/🗄️ Devguard Postgresql
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Open
LOW (3.8)
  • T

    Tim Bastin detected CVE-2025-24855 with a risk of 1.87

    0.9.1
  • logo

    System updated the risk assessment from 1.87 to 1.25

    0.9.1

    System recalculated raw risk assessment

  • logo

    System updated the risk assessment from 1.25 to 3.75

    0.9.1

    System recalculated raw risk assessment

  • T

    Tim Bastin detected CVE-2025-24855 with a risk of 3.75

    0.10.1
  • logo

    System detected CVE-2025-24855 with a risk of 3.75

    0.8.3
  • T

    Tim Bastin detected CVE-2025-24855 with a risk of 3.75

    0.11.1
  • logo

    System fixed CVE-2025-24855

    0.10.1
  • logo

    System fixed CVE-2025-24855

    0.9.1
  • logo

    System fixed CVE-2025-24855

    0.8.3
  • logo

    System fixed CVE-2025-24855

    0.11.1
  • logo

    System detected CVE-2025-24855 with a risk of 3.75

    0.11.1

Add a comment

Mark as False Positive
Last calculated at:

Affected component

debian/libxslt

Installed version:
1.1.35
Fixed in:
no patch available
Show in dependency graph

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5