CVE-2019-13117

Published: 01/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow a malicious user to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Vulnerable Product

xmlsoft libxslt 1.1.33

debian debian linux 8.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

canonical ubuntu linux 19.10

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

fedoraproject fedora 31

opensuse leap 15.1

oracle openjdk 8

Vendor Advisories

Debian Bug report logs - #931321 libxslt: CVE-2019-13117. Package: src:libxslt; Maintainer for src:libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 1 Jul 2019 19:30:16 UTC; Severity: important; Tags: security, upstream; Fou ...
Several security issues were fixed in Libxslt ...
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Succe ...
Impact: Low; Public Date: 2019-06-30; CWE: CWE-134; Bugzilla: 1728546: CVE-2019-13117 libxslt: an xsl numb ...
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2019-13117, CVE-2019-13118, CVE-2019-16168, CVE-2020-2583, CVE-2020-2585, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE ...