| Field | Value |
|---|---|
| Name | CVE-2025-11731 |
| Description | A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT `<func:result>` elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1118078 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| libxslt (PTS) | bullseye | 1.1.34-4+deb11u1 | vulnerable |
| libxslt (PTS) | bullseye (security) | 1.1.34-4+deb11u3 | vulnerable |
| libxslt (PTS) | bookworm | 1.1.35-1+deb12u4 | vulnerable |
| libxslt (PTS) | bookworm (security) | 1.1.35-1+deb12u3 | vulnerable |
| libxslt (PTS) | trixie | 1.1.35-1.2+deb13u3 | vulnerable |
| libxslt (PTS) | trixie (security) | 1.1.35-1.2+deb13u2 | vulnerable |
| libxslt (PTS) | forky, sid | 1.1.45-0.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libxslt | source | (unstable) | 1.1.43-0.3 | | | 1118078 |
[trixie] - libxslt <no-dsa> (Minor issue)
[bookworm] - libxslt <no-dsa> (Minor issue)
[bullseye] - libxslt <postponed> (Minor issue; upstream considers this issue to entail a low risk)
https://gitlab.gnome.org/GNOME/libxslt/-/issues/151
Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3