Your submission was sent successfully! Close

CVE-2019-13117

Published: 01 July 2019

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libxslt
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.1.29-5ubuntu0.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.1.28-2.1ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.1.28-2ubuntu0.2+esm1)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1