
CVE-2019-18197

Published: 18 October 2019

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: libxslt (Launchpad, Ubuntu, Debian)

Release     Status
bionic      Released (1.1.29-5ubuntu0.2)
disco       Released (1.1.32-2ubuntu0.2)
eoan        Released (1.1.33-0ubuntu1.1)
precise     Released (1.1.26-8ubuntu1.6)
trusty      Released (1.1.28-2ubuntu0.2+esm1)
upstream    Needs triage
xenial      Released (1.1.28-2.1ubuntu0.3)