Package details: pkg:deb/ubuntu/libxslt@1.1.29-5ubuntu0.2
purl: pkg:deb/ubuntu/libxslt@1.1.29-5ubuntu0.2
Next non-vulnerable version: 1.1.33-0ubuntu1.1
Latest non-vulnerable version: 1.1.33-0ubuntu1.1
Risk: 4.5
Vulnerabilities affecting this package (1)
Vulnerability: VCID-76fj-htxj-aaah
Aliases: CVE-2019-18197, GHSA-242x-7cm6-4w8j
Summary: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Fixed by: 1.1.33-0ubuntu1.1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (2)
Vulnerability: VCID-2em3-ugp2-aaag
Summary: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
Aliases: CVE-2019-13117, GHSA-4hm9-844j-jmxp

Vulnerability: VCID-57tk-3v58-aaaj
Summary: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Aliases: CVE-2019-13118, GHSA-cf46-6xxh-pc75
