Access of Resource Using Incompatible Type ('Type Confusion')
Affecting libxslt package, versions <1.1.32-2.1~deb10u1
Overview
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVSS Score
7.5 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
- CVE: CVE-2019-13118
- CWE: CWE-843
- Snyk ID: SNYK-DEBIAN10-LIBXSLT-451288
- Disclosed: 01 Jul, 2019
- Published: 01 Jul, 2019