CVE-2019-18197
Published 2019-10-18
Priority: P3 · 41 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 4.45% (90.2th percentile)
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.32-2.2 (bookworm) | libxslt 1.1.32-2.2 (bookworm) |
| chrome | chrome | — | — |
| nokogiri | nokogiri | >= 0 < 1.10.5 | 1.10.5 |
| xmlsoft | libxslt | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.2 | 1.1.32-2.2 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.2 | 1.1.32-2.2 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.2 | 1.1.32-2.2 |
| xmlsoft | libxslt | >= 0 < 1.1.32-2.2 | 1.1.32-2.2 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.3 | 1.1.28-2.1ubuntu0.3 |
| xmlsoft | libxslt | >= 0 < 1.1.29-5ubuntu0.2 | 1.1.29-5ubuntu0.2 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.2+esm1 | 1.1.28-2ubuntu0.2+esm1 |
CVSS provenance
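| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_oracle | — | 8.1 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 5.3 | MEDIUM | — |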
Oracle
Oracle Java SE Risk Matrix: JavaFX (libxslt) — CVE-2019-18197
vendor_oracle·2020-04-15·CVSS 8.1
CVE-2019-18197 [HIGH] Oracle Java SE Risk Matrix: JavaFX (libxslt) vulnerability
CVE: CVE-2019-18197
CVSS: 8.1
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2020 (APR 2020)
Chrome
Stable Channel Update for Desktop: CVE-2019-18197
vendor_chrome·2020-02-04·CVSS 7.5
CVE-2019-18197 [HIGH] Stable Channel Update for Desktop: CVE-2019-18197
CVE-2019-18197: Multiple vulnerabilities in XML. Reported by Jordan Pryde from the BlackBerry Security Incident Response Team on 2019-11-01
[$500][ 1042700 ] High CVE-2019-19926: Inappropriate implementation in SQLite
Reported by Richard Lorenz, SAP on 2020-01-16
Severity: high
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2019-10-22·CVSS 5.3
CVE-2019-13117 [MEDIUM] Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to access sensitive information.
This issue did not affect Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-18197)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
vendor_redhat·2019-10-18·CVSS 7.5
CVE-2019-18197 [HIGH] CWE-416 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Statement: Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux Operating System. Therefore the libxslt package provided by Red Hat OpenStack has been marked as 'will not fix'.
Package: libxslt (Red Hat Enterprise Linux 5) - Out of support scope
Package: libxslt (Red Hat Enterprise Linux 6) - Out of support scope
Package: libxslt (Red Hat OpenStack Platform 10 (Newton)) - Will
Debian
CVE-2019-18197: libxslt - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset...
vendor_debian·2019·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197: libxslt - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset...
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Scope: local
bookworm: resolved (fixed in 1.1.32-2.2)
bullseye: resolved (fixed in 1.1.32-2.2)
forky: resolved (fixed in 1.1.32-2.2)
sid: resolved (fixed in 1.1.32-2.2)
trixie: resolved (fixed in 1.1.32-2.2)
GHSA
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
ghsa·2022-05-24
CVE-2019-18197 [HIGH] CWE-416 Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
OSV
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
osv·2022-05-24
CVE-2019-18197 [HIGH] Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
OSV
libxslt vulnerabilities
osv·2019-10-22·CVSS 5.3
CVE-2019-13117 [MEDIUM] libxslt vulnerabilities
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to access sensitive information.
This issue did not affect Ubuntu 19.10. (CVE-2019-13117, CVE-2019-13118)
It was discovered that Libxslt incorrectly handled certain documents.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-18197)
OSV
CVE-2019-18197: In xsltCopyText in transform
osv·2019-10-18·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197: In xsltCopyText in transform
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOT
Bugzilla
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [epel-7]
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Di
Bugzilla
CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue a
Bugzilla
CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
A vulnerability was found in xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Reference:
https://security.netapp.com/advisory/ntap-20191031-0004/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
Discussion:
Created libx
Bugzilla
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [fedora-all]
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messa
Bugzilla
CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [fedora-all]
bugzilla·2019-11-11·CVSS 7.5
CVE-2019-18197 [HIGH] CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
http://www.openwall.com/lists/oss-security/2019/11/17/2
https://access.redhat.com/errata/RHSA-2020:0514
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
https://security.netapp.com/advisory/ntap-20191031-0004/
https://security.netapp.com/advisory/ntap-20200416-0004/
https://usn.ubuntu.com/4164-1/
https://www.oracle.com/security-alerts/cpuapr2020.html