Overview
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
CVSS Score
7.5 (high severity)
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- CVE: CVE-2019-18197
- CWE: CWE-416, CWE-908
- Snyk ID: SNYK-DEBIAN9-LIBXSLT-473886
- Disclosed: 18 Oct, 2019
- Published: 19 Oct, 2019