PSA: Libxslt is unmaintained and has 5 unpatched security bugs
12 days ago
- #security
- #maintenance
- #libxslt
- Libxslt, a sibling project of libxml2, currently lacks an active maintainer.
- Three unfixed security issues exist in libxslt, with two disclosed (CVE-2025-7424 and CVE-2025-7425).
- CVE-2025-7424 involves type confusion in `xmlNode.psvi` between stylesheet and source nodes.
- CVE-2025-7425 is a heap-use-after-free issue in `xmlFreeID` caused by `atype` corruption.
- Patches have been proposed by engineers from Apple and Google, but no fixes have been applied due to the absence of a maintainer.