CVE-2025-24855 Information

Description

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Reference

https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
