View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2011-1425 not yet assigned priority: Debian including 1 source packages (xmlsec1), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.