CVE-2019-13118

Summary

CVE: CVE-2019-13118
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2019-07-01 02:15:00 UTC
Updated: 2023-11-07 03:03:00 UTC
Description: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Risk And Classification

Problem Types: CWE-843

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Apple | Icloud | All | All | All | All
Operating System | Apple | Iphone Os | All | All | All | All
Application | Apple | Itunes | All | All | All | All
Operating System | Apple | Macos | All | All | All | All
Operating System | Apple | Mac Os X | 10.12.6 | security_update_2019-001 | All | All
Operating System | Apple | Mac Os X | 10.12.6 | security_update_2019-002 | All | All
Operating System | Apple | Mac Os X | 10.12.6 | security_update_2019-003 | All | All
Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-001 | All | All
Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-002 | All | All
Operating System | Apple | Mac Os X | 10.13.6 | security_update_2019-003 | All | All
Operating System | Apple | Tvos | All | All | All | All
Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 19.04 | All | All | All
Operating System | Canonical | Ubuntu Linux | 19.10 | All | All | All
Operating System | Fedoraproject | Fedora | 31 | All | All | All
Application | Netapp | Active Iq Unified Manager | - | All | All | All
Application | Netapp | Active Iq Unified Manager | - | All | All | All
Application | Netapp | Cloud Backup | - | All | All | All
Application | Netapp | Clustered Data Ontap | - | All | All | All
Application | Netapp | E-series Performance Analyzer | - | All | All | All
Application | Netapp | E-series Santricity Management Plug-ins | - | All | All | All
Application | Netapp | E-series Santricity Os Controller | All | All | All | All
Application | Netapp | E-series Santricity Storage Manager | - | All | All | All
Application | Netapp | E-series Santricity Web Services | - | All | All | All
Application | Netapp | Oncommand Insight | - | All | All | All
Application | Netapp | Oncommand Workflow Automation | - | All | All | All
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All
Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All
Application | Netapp | Santricity Unified Manager | - | All | All | All
Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All
Operating System | Opensuse | Leap | 15.1 | All | All | All
Application | Oracle | Jdk | 1.8.0 | update231 | All | All
Application | Xmlsoft | Libxslt | 1.1.33 | All | All | All
Application | Xmlsoft | Libxslt | 1.1.33 | All | All | All

References

Reference Source Link Tags
Full Disclosure: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 FULLDISC seclists.org
Full Disclosure: APPLE-SA-2019-7-22-4 watchOS 5.3 FULLDISC seclists.org
Full Disclosure: APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 FULLDISC seclists.org
Fix uninitialized read with UTF-8 grouping chars (6ce8de69) · Commits · GNOME / libxslt · GitLab MISC gitlab.gnome.org Patch, Third Party Advisory
Bugtraq: APPLE-SA-2019-7-22-1 iOS 12.4 BUGTRAQ seclists.org
Bugtraq: APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 BUGTRAQ seclists.org
Bugtraq: APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 BUGTRAQ seclists.org
oss-security - Nokogiri security update v1.10.5 MLIST www.openwall.com
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 lists.apache.org
15069 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail MISC bugs.chromium.org Permissions Required
Pony Mail! MLIST lists.apache.org
[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Full Disclosure: APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 FULLDISC seclists.org
January 2020 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Bugtraq: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra BUGTRAQ seclists.org
Full Disclosure: APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 FULLDISC seclists.org
About the security content of iOS 12.4 - Apple Support CONFIRM support.apple.com
Bugtraq: APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4 BUGTRAQ seclists.org
About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra - Apple Support CONFIRM support.apple.com
Bugtraq: APPLE-SA-2019-7-22-4 watchOS 5.3 BUGTRAQ seclists.org
Full Disclosure: APPLE-SA-2019-7-22-1 iOS 12.4 FULLDISC seclists.org
Log in MISC oss-fuzz.com Permissions Required
Full Disclosure: APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra FULLDISC seclists.org
Full Disclosure: APPLE-SA-2019-7-23-1 iCloud for Windows 7.13 FULLDISC seclists.org
About the security content of watchOS 5.3 - Apple Support CONFIRM support.apple.com
July 2019 Libxslt Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Full Disclosure: APPLE-SA-2019-7-22-5 tvOS 12.4 FULLDISC seclists.org
Bugtraq: APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4 BUGTRAQ seclists.org
USN-4164-1: Libxslt vulnerabilities | Ubuntu security notices | Ubuntu UBUNTU usn.ubuntu.com
Pony Mail! MLIST lists.apache.org
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 lists.apache.org
Full Disclosure: APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6 FULLDISC seclists.org
[security-announce] openSUSE-SU-2020:0731-1: moderate: Security update f SUSE lists.opensuse.org
Full Disclosure: APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra FULLDISC seclists.org
Oracle Critical Patch Update Advisory - January 2020 MISC www.oracle.com
About the security content of iCloud for Windows 7.13 - Apple Support CONFIRM support.apple.com
About the security content of tvOS 12.4 - Apple Support CONFIRM support.apple.com
About the security content of iTunes 12.9.6 for Windows - Apple Support CONFIRM support.apple.com
Bugtraq: APPLE-SA-2019-7-23-3 iCloud for Windows 10.6 BUGTRAQ seclists.org
Bugtraq: APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3 BUGTRAQ seclists.org
About the security content of iCloud for Windows 10.6 - Apple Support CONFIRM support.apple.com
[SECURITY] [DLA 1860-1] libxslt security update MLIST lists.debian.org
[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Bugtraq: APPLE-SA-2019-7-22-5 tvOS 12.4 BUGTRAQ seclists.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 296080 Oracle Solaris 11.4 Support Repository Update (SRU) 13.4.0 Missing (CPUJUL2019)
  • 372444 Tableau Server and Desktop Multiple Vulnerabilities (Important-ADV-2020-009)
  • 375811 Azul Java Multiple Vulnerabilities Security Update January 2020
  • 500354 Alpine Linux Security Update for libxslt
  • 504118 Alpine Linux Security Update for libxslt