CVE-2019-5815

HIGH

libxslt < 1.1.33 - Type Confusion in xsltNumberFormatGetMultipleLevel

Description

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Scores

CVSS v3 7.5
EPSS 0.0172
EPSS Percentile 74.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787 CWE-843
Status published
Products (3)
debian/debian_linux 10.0
rubygems/nokogiri 0 - 1.10.5 (RubyGems)
xmlsoft/libxslt < 1.1.33
Published Dec 11, 2019
Tracked Since Feb 18, 2026