Tech News
← Back to articles

PSA: Libxslt is unmaintained and has 5 unpatched security bugs

2025-10-31 | original
read original related products more articles

Alan Coopersmith reports:

On 6/16/25 15:12, Alan Coopersmith wrote:

BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt

2 of the 3 have now been disclosed:

(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes

https://gitlab.gnome.org/GNOME/libxslt/-/issues/139 https://project-zero.issues.chromium.org/issues/409761909

(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption

https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

https://project-zero.issues.chromium.org/issues/410569369

Engineers from Apple & Google have proposed patches in the GNOME gitlab issues, but neither has had a fix applied to the git repo since there is currently no maintainer for libxslt.

Related:
Ongoing YouTube, Google outage reported — outage spikes across popular services
Who owns Trump Mobile?
One year on, many Android users still can’t use audio in their cars properly
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues
Quantum Insider Session Series: Practical Instructions for Building Your Organization’s Quantum Team

© 2025 GoKawiil