CVE-CVE-2019-13118 | MEDIUM Severity | CVEDatabase.com

Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-843

Metadata

Primary Vendor: XMLSOFT
Published: 7/1/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

xmlsoft : libxsltopensuse : leapnetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : cloud_backupnetapp : clustered_data_ontapnetapp : e-series_performance_analyzernetapp : e-series_santricity_management_plug-insnetapp : e-series_santricity_os_controllernetapp : e-series_santricity_storage_managernetapp : e-series_santricity_web_servicesnetapp : oncommand_insightnetapp : oncommand_workflow_automationnetapp : ontap_select_deploy_administration_utilitynetapp : plug-in_for_symantec_netbackupnetapp : santricity_unified_managernetapp : steelstore_cloud_integrated_storageoracle : jdkfedoraproject : fedoracanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxapple : icloudapple : icloudapple : itunesapple : iphone_osapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : macosapple : tvos

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD