JLSEC-2026-583

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-583.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-583.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-583
Upstream
  • EUVD-2025-7659
  • GHSA-3cgj-v3m4-cgcq
Published
2026-06-08T13:15:35.983Z
Modified
2026-07-02T05:46:43.396026319Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H CVSS Calculator
Summary
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an...
Details

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24855",
            "database_specific": {
                "status": "Modified"
            },
            "modified": "2025-11-03T22:18:40.750Z",
            "imported": "2026-06-07T01:46:46.743Z",
            "published": "2025-03-14T02:15:15.717Z",
            "id": "CVE-2025-24855",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-24855"
        },
        {
            "url": "https://api.github.com/advisories/GHSA-3cgj-v3m4-cgcq",
            "html_url": "https://github.com/advisories/GHSA-3cgj-v3m4-cgcq",
            "imported": "2026-06-07T01:46:47.117Z",
            "published": "2025-03-14T03:31:24Z",
            "id": "GHSA-3cgj-v3m4-cgcq",
            "modified": "2025-11-04T00:32:21Z"
        },
        {
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-7659",
            "modified": "2026-02-26T19:09:31Z",
            "imported": "2026-06-07T01:46:46.787Z",
            "published": "2025-03-14T00:00:00Z",
            "id": "EUVD-2025-7659",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-7659"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / XSLT_jll

Package

Name
XSLT_jll
Purl
pkg:julia/XSLT_jll?uuid=aed1982a-8fda-507f-9586-7b0439959a61

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.43+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-583.json"