CVE-2019-18197
Severity
7.5HIGH
EPSS
4.5%
top 10.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 18
Latest updateMay 24
Description
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04, 19.10
Patches
🔴Vulnerability Details
5GHSA
▶
OSV
▶
📋Vendor Advisories
5💬Community
6Bugzilla▶
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]↗2019-11-11
Bugzilla▶
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [epel-7]↗2019-11-11
Bugzilla▶
CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c leads to password disclosure [fedora-all]↗2019-11-11
Bugzilla▶
CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure↗2019-11-11
Bugzilla▶
CVE-2019-18197 mingw-libxslt: libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure [fedora-all]↗2019-11-11