CVE-2019-13118
Severity
5.3MEDIUM
EPSS
1.0%
top 22.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 1
Latest updateMay 24
Description
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4
Affected Packages13 packages
Also affects: Fedora 31, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04, 19.10
Patches
🔴Vulnerability Details
5📋Vendor Advisories
11💬Community
4Bugzilla▶
CVE-2019-13118 mingw-libxslt: libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character [fedora-all]↗2019-07-10
Bugzilla▶
CVE-2019-13118 mingw-libxslt: libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character [epel-7]↗2019-07-10
Bugzilla▶
CVE-2019-13118 libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character↗2019-07-10
Bugzilla▶
CVE-2019-13118 libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character [fedora-all]↗2019-07-10