CVE-2019-13118
Published 2019-07-01
Medium, 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Affected
35 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud | < 7.13 | 7.13 |
| apple | icloud | >= 10.0 < 10.6 | 10.6 |
| apple | icloud_for_windows | — | — |
| apple | icloud_for_windows | — | — |
| apple | ios | — | — |
| apple | iphone_os | < 12.4 | 12.4 |
| apple | itunes | < 12.9.6 | 12.9.6 |
| apple | itunes_12.9.6_for_windows | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | macos | >= 10.4.6 < 10.14.6 | 10.14.6 |
| apple | macos_mojave_10.14.6_security_update_2019-004_high_sierra_security_update_2019-0 | — | — |
| apple | tvos | < 12.4 | 12.4 |
| apple | tvos | — | — |
| apple | watchos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libxslt | < libxslt 1.1.32-2.1 (bookworm) | libxslt 1.1.32-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| netapp | e-series_santricity_os_controller | 11.0 – 11.50.2 | — |
| nokogiri | nokogiri | >= 0 < 1.10.5 | 1.10.5 |
CVSS provenance
nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv: 5.3 MEDIUM