Your submission was sent successfully! Close

CVE-2019-5815

Published: 11 December 2019

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(75.0.3770.90-0ubuntu0.18.04.1)
cosmic Not vulnerable
(75.0.3770.90-0ubuntu0.18.04.1)
disco Not vulnerable
(75.0.3770.90-0ubuntu0.18.04.1)
focal Not vulnerable
(75.0.3770.80-0ubuntu1~snap2)
jammy Not vulnerable
(75.0.3770.80-0ubuntu1~snap2)
precise Does not exist

trusty Does not exist
(trusty was ignored [no longer updated])
upstream
Released (74.0.3729.108)
xenial Not vulnerable
(74.0.3729.169-0ubuntu0.16.04.1)
libxslt
Launchpad, Ubuntu, Debian
bionic
Released (1.1.29-5ubuntu0.3)
focal Not vulnerable
(1.1.34-4)
jammy Not vulnerable
(1.1.34-4build2)
trusty
Released (1.1.28-2ubuntu0.2+esm2)
upstream
Released (1.1.34-2)
xenial
Released (1.1.28-2.1ubuntu0.3+esm1)
Patches:
upstream: https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258
upstream: https://github.com/GNOME/libxslt/commit/08b62c258