In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an malicious user to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xmlsoft libxslt 1.1.33 |
||
debian debian linux 8.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 12.04 |
||
fedoraproject fedora 31 |
||
opensuse leap 15.1 |
||
oracle openjdk 8 |