This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Xmlsoft First view 2019-04-10
Product Libxslt Last view 2019-10-18
Version 1.1.33 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:xmlsoft:libxslt

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-10-18 CVE-2019-18197

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

7.5 2019-06-30 CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

7.5 2019-06-30 CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

9.8 2019-04-10 CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-20 Improper Input Validation
25% (1) CWE-416 Use After Free
25% (1) CWE-284 Access Control (Authorization) Issues