libxslt: Multiple vulnerabilities (CVE-2019-13117, CVE-2019-13118)
ID: oval:org.secpod.oval:def:1801647 | Date: (C)2019-12-30 (M)2023-11-10 |
Class: PATCH | Family: unix |
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.8 |
Alpine Linux 3.9 |