A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
Weakness
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | libxslt-0:1.1.39-8.el10_2.1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | libxslt-0:1.1.39-8.el10_0.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxslt-0:1.1.32-6.4.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxslt-0:1.1.32-6.4.el8_10 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | libxslt-0:1.1.32-8.el8_4.1 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | libxslt-0:1.1.32-8.el8_4.1 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | libxslt-0:1.1.32-8.el8_8.1 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | libxslt-0:1.1.32-8.el8_8.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | libxslt-0:1.1.34-14.el9_8.1 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | libxslt-0:1.1.34-12.el9_2 | * |
| Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions | RedHat | libxslt-0:1.1.34-15.el9_4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | libxslt-0:1.1.34-13.el9_6.2 | * |
| Red Hat Hardened Images | RedHat | libxslt-main-1.1.45-0.1.hum1 | * |
| Libxslt | Ubuntu | devel | * |
| Libxslt | Ubuntu | esm-infra/xenial | * |
| Libxslt | Ubuntu | plucky | * |
| Libxslt | Ubuntu | resolute | * |
| Libxslt | Ubuntu | upstream | * |
Potential Mitigations
References
- https://access.redhat.com/errata/RHSA-2026:11015
- https://access.redhat.com/errata/RHSA-2026:26355
- https://access.redhat.com/errata/RHSA-2026:28243
- https://access.redhat.com/errata/RHSA-2026:28584
- https://access.redhat.com/errata/RHSA-2026:29807
- https://access.redhat.com/errata/RHSA-2026:29809
- https://access.redhat.com/errata/RHSA-2026:29811
- https://access.redhat.com/errata/RHSA-2026:29814
- https://access.redhat.com/errata/RHSA-2026:29975
- https://access.redhat.com/errata/RHSA-2026:29976
- https://access.redhat.com/security/cve/CVE-2025-10911
- https://bugzilla.redhat.com/show_bug.cgi?id=2397838
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
- https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77