CVE-2024-55549

描述

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.

受影響套件(7)

• Alpine/libxsltfrom 0, < 1.1.38-r1
• Bitnami/javafrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
• Bitnami/java-minfrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
• Bitnami/jrefrom 0, < 1.8.0, >= 1.9.0, < 8.0.461
• Debian/libxsltfrom 0, < 1.1.34-4+deb11u2
• Debian/libxsltfrom 0, < 1.1.35-1+deb12u1
• Debian/libxsltfrom 0, < 1.1.34-4+deb11u2

CVSS 分數

參考連結(5)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-55549
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-55549
• WEBhttps://gitlab.gnome.org/GNOME/libxslt/-/issues/127
• WEBhttps://lists.debian.org/debian-lts-announce/2025/03/msg00015.html
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-55549