← back
CVE-2019-13118

CVE-2019-13118

CVSS 5.3 MEDIUMEPSS 5.1%CWE-843
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.htmlhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069http://seclists.org/fulldisclosure/2019/Aug/11http://seclists.org/fulldisclosure/2019/Aug/13http://seclists.org/fulldisclosure/2019/Aug/14http://seclists.org/fulldisclosure/2019/Aug/15http://seclists.org/fulldisclosure/2019/Jul/22http://seclists.org/fulldisclosure/2019/Jul/23http://seclists.org/fulldisclosure/2019/Jul/24http://seclists.org/fulldisclosure/2019/Jul/26http://seclists.org/fulldisclosure/2019/Jul/31http://seclists.org/fulldisclosure/2019/Jul/37