CVE-2019-18197

HIGH

libxslt 1.1.33 - Use-After-Free in xsltCopyText

Title source: llm

Description

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

References (15)

Core 15

Core References

Patch, Third Party Advisory x_refsource_misc

https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768

Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4164-1/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20191031-0004/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/11/17/2

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0514

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2020.html

Vendor Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200416-0004/

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

Scores

CVSS v3 7.5

EPSS 0.0453

EPSS Percentile 89.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416 CWE-908

Status published

Products (9)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

rubygems/nokogiri 0 - 1.10.5RubyGems

xmlsoft/libxslt 1.1.33

Published Oct 18, 2019

Tracked Since Feb 18, 2026