CVE-2024-55549

7.8 HIGH

📋 TL;DR

CVE-2024-55549 is a use-after-free vulnerability in libxslt's xsltGetInheritedNsList function that occurs when excluding result prefixes. This allows attackers to potentially execute arbitrary code or cause denial of service by processing malicious XSLT stylesheets. Any application using vulnerable libxslt versions for XML/XSLT processing is affected.

💻 Affected Systems

Products:
  • libxslt
  • Applications using libxslt (e.g., web browsers, XML processors, document converters)
Versions: libxslt versions before 1.1.43
Operating Systems: Linux, Unix-like systems, Windows (if using vulnerable libxslt)
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration using libxslt for XSLT transformations is vulnerable when processing untrusted content.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash causing denial of service, potentially leading to data corruption in XML processing pipelines.

🟢 If Mitigated: Limited impact with proper input validation and sandboxing, potentially just application instability.

🌐 Internet-Facing: HIGH - Any internet-facing service processing untrusted XML/XSLT content is vulnerable to exploitation.
🏢 Internal Only: MEDIUM - Internal applications processing XML from untrusted sources remain vulnerable, though attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to supply malicious XSLT content to a vulnerable application. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libxslt 1.1.43 and later

Vendor Advisory: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127

Restart Required: No

Instructions:

1. Update libxslt to version 1.1.43 or later using your system package manager.
2. For Debian/Ubuntu: apt update && apt upgrade libxslt1.1
3. For RHEL/CentOS: yum update libxslt
4. Recompile any statically linked applications with the patched library.

🔧 Temporary Workarounds

  • Disable XSLT processing for untrusted content (all): Configure applications to avoid using libxslt for processing untrusted XML/XSLT content
  • Input validation and sanitization (all): Implement strict input validation to reject or sanitize potentially malicious XSLT content

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems from untrusted networks
  • Deploy web application firewalls (WAF) with XML/XSLT attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check libxslt version with: xsltproc --version | grep 'libxslt'

Check Version:

xsltproc --version | grep 'libxslt'

Verify Fix Applied:

Verify version is 1.1.43 or higher: xsltproc --version | grep 'libxslt'
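A version check for the verification steps above, added here as an example and not part of the original advisory. xsltproc prints libxslt's version in libxslt's encoded numeric form (10142 for 1.1.42) rather than dotted, so the helper decodes that form and also accepts a dotted package version; the sample output below is constructed, and distro builds that backport the fix without bumping the version cannot be distinguished by version alone.

```python
import re
import subprocess

# libxslt 1.1.43 carries the fix for CVE-2024-55549.
FIXED_VERSION = (1, 1, 43)

# Constructed sample of `xsltproc --version` output from a vulnerable build.
# xsltproc prints libxslt's version as an encoded number: 10142 == 1.1.42.
SAMPLE_XSLTPROC_OUTPUT = """\
Using libxml 21204, libxslt 10142 and libexslt 820
xsltproc was compiled against libxml 21204, libxslt 10142 and libexslt 820
libxslt 10142 was compiled against libxml 21204
libexslt 820 was compiled against libxml 21204
"""


def decode_numeric_version(encoded: int) -> tuple:
    """Decode libxslt's MMmmpp encoding, e.g. 10142 -> (1, 1, 42)."""
    return (encoded // 10000, (encoded // 100) % 100, encoded % 100)


def parse_version(text: str) -> tuple:
    """Return the libxslt version as (major, minor, micro).

    Accepts xsltproc's encoded 'libxslt 10142' form or a dotted package
    version such as '1.1.34-4' (only the first dotted triple is read, so
    pass the libxslt line alone when other versions are present).
    """
    m = re.search(r"libxslt (\d{5})\b", text)
    if m:
        return decode_numeric_version(int(m.group(1)))
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(x) for x in m.groups())
    raise ValueError("no libxslt version found in: %r" % text)


def is_vulnerable(version: tuple) -> bool:
    """True when the version predates the 1.1.43 fix."""
    return version < FIXED_VERSION


def check_installed_xsltproc() -> bool:
    """Run xsltproc --version on this host and report whether it predates the fix."""
    out = subprocess.run(["xsltproc", "--version"], capture_output=True, text=True)
    return is_vulnerable(parse_version(out.stdout + out.stderr))


if __name__ == "__main__":
    v = parse_version(SAMPLE_XSLTPROC_OUTPUT)
    print("sample libxslt %d.%d.%d vulnerable: %s" % (v + (is_vulnerable(v),)))
```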

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults in libxslt functions
  • Unusual XML/XSLT processing errors
  • Memory corruption warnings in system logs

Network Indicators:

  • Unusually large or complex XML/XSLT payloads to XML processing endpoints
  • Multiple failed transformation attempts

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "libxslt" OR "xsltGetInheritedNsList")

🔗 References