Use-After-Free Vulnerability in libxslt Affecting GNOME Products
CVE-2024-55549

7.8 HIGH

Key Information:

Vendor: Xmlsoft

Status
Vendor
CVE Published: 14 March 2025

What is CVE-2024-55549?

The libxslt library, a critical component of GNOME software, contains a use-after-free vulnerability in the xsltGetInheritedNsList function. The issue affects versions prior to 1.1.43 and is related to the improper handling of result prefixes. An attacker could exploit this vulnerability, leading to potential memory corruption, application crashes, or execution of arbitrary code. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

libxslt 0 < 1.1.43

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
