
Cloud Vulnerability DB
A community-led vulnerabilities database
A use-after-free vulnerability was discovered in libxslt, specifically in the xsltGetInheritedNsList function, affecting versions before 1.1.43. The vulnerability is related to the exclusion of result prefixes and was disclosed on March 13, 2025 (CVE MITRE, NVD Database).
The vulnerability has been assigned CVE-2024-55549 and received a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) and requires local access with high attack complexity. No privileges are required, and no user interaction is needed for exploitation (NVD Database, Snyk Report).
According to the CVSS metrics, the vulnerability can result in a total loss of integrity and availability of the affected system, while confidentiality remains unaffected. The scope is changed, meaning the vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component (Snyk Report).
The vulnerability has been fixed in libxslt version 1.1.43. For Debian systems, fixed versions are available: version 1.1.34-4+deb11u2 for Debian 11 (Bullseye) and version 1.1.35-1+deb12u1 for Debian 12 (Bookworm). Users are advised to upgrade to these patched versions (Debian Tracker).
Source: This report was generated using AI