CVE-2015-7995

EPSS 1.4%

libxslt - security update

Published: 11/17/2015Modified: 4/28/2026

Description

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Affected packages (3)

Debian/libxsltfrom 0, < 1.1.28-2.1
Debian/libxsltfrom 0, < 1.1.26-14.1+deb7u1
Debian/libxsltfrom 0, < 1.1.28-2+deb8u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7995