CVE-2019-13117
5.3 MEDIUM · In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNum...
Published: 2019-07-01 · Last updated: 2026-05-28
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-908 (Use of Uninitialized Resource)
Affected products
| Vendor | Product |
|---|---|
| canonical | ubuntu_linux |
| debian | debian_linux |
| fedoraproject | fedora |
| opensuse | leap |
| oracle | see the Oracle Critical Patch Update (January 2020) reference below |
| xmlsoft | libxslt |
Description
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. The impact is confined to that information leak, which is why the vector carries C:L with no integrity or availability impact: the attacker learns which format branch a stale stack byte selects, not the byte's value. The fix is the linked GNOME commit, which shipped in libxslt 1.1.34; distribution packages listed in the references backport it.
Source: NVD
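To make the bug class concrete, here is an added example (not libxslt's code, and not the patched commit) that models a tokenizer for xsl:number format strings: a token slot is claimed and its separator copied, but the format character is only written if one follows, so a format string ending in punctuation leaves `.token` unwritten and the formatter's switch then reveals which of the five special letters a stale byte happens to be. The struct layout, the names `tokenize`, `format_class`, `last_token`, the `DEFAULT_TOKEN` constant and the input `"1."` are all assumptions chosen for the demonstration; the `memset` stands in for whatever the stack held before the call so the result is deterministic.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical model of an xsl:number format tokenizer and the
 * formatter that consumes its tokens. This is NOT libxslt's code: the struct
 * layout, names and the exact bug are assumptions chosen to show the
 * CWE-908 pattern the advisory describes (a token slot whose format
 * character is never written when the format string ends in punctuation). */

#define MAX_TOKENS    8
#define MAX_SEP       8
#define DEFAULT_TOKEN '1'   /* xsl:number defaults to format="1" */

typedef struct {
    char separator[MAX_SEP]; /* punctuation that precedes this token */
    char token;              /* format char: '1', 'A', 'a', 'I', 'i', '0' ... */
} fmt_token_t;

typedef struct {
    fmt_token_t tokens[MAX_TOKENS];
    int         ntokens;
} fmt_tokens_t;

/* Shared parsing loop. `init_default` selects the hardened behaviour:
 * every claimed slot gets DEFAULT_TOKEN before the parser can bail out. */
static int tokenize(const char *fmt, fmt_tokens_t *out, int init_default)
{
    const char *p = fmt;
    out->ntokens = 0;
    while (*p != '\0' && out->ntokens < MAX_TOKENS) {
        fmt_token_t *t = &out->tokens[out->ntokens++];  /* slot is claimed here */
        size_t n = 0;
        if (init_default)
            t->token = DEFAULT_TOKEN;        /* fix: never leave .token unwritten */
        /* copy the leading punctuation run, e.g. "." at the end of "1." */
        while (*p != '\0' && !isalnum((unsigned char)*p) && n < MAX_SEP - 1)
            t->separator[n++] = *p++;
        t->separator[n] = '\0';
        if (*p == '\0')
            break;          /* trailing separator: vulnerable path leaves .token stale */
        t->token = *p++;
        while (*p != '\0' && isalnum((unsigned char)*p))
            p++;            /* skip the rest of the alphanumeric run (width digits) */
    }
    return out->ntokens;
}

/* Mirrors the format switch: the five letters the advisory names each take
 * their own branch, so a stale byte's class is observable from the output. */
static const char *format_class(char token)
{
    switch (token) {
    case 'A': return "upper-alpha";
    case 'a': return "lower-alpha";
    case 'I': return "upper-roman";
    case 'i': return "lower-roman";
    case '0': return "zero-padded";
    default:  return "decimal";
    }
}

/* Pre-fills the token array with `stale` as a deterministic stand-in for
 * whatever the stack held before the call (a real stack byte is unpredictable),
 * tokenizes `fmt`, and returns the format char of the final token. */
static char last_token(const char *fmt, char stale, int hardened)
{
    fmt_tokens_t toks;
    memset(&toks, stale, sizeof toks);
    if (tokenize(fmt, &toks, hardened) == 0)
        return DEFAULT_TOKEN;
    return toks.tokens[toks.ntokens - 1].token;
}

int main(void)
{
    const char *fmt = "1.";                 /* constructed input: ends in a separator */
    const char stale[] = { 'A', 'i', '0', 'x' };
    for (size_t k = 0; k < sizeof stale; k++) {
        char v = last_token(fmt, stale[k], 0);
        char h = last_token(fmt, stale[k], 1);
        printf("stale=0x%02x vulnerable -> '%c' (%s), hardened -> '%c' (%s)\n",
               (unsigned char)stale[k], v, format_class(v), h, format_class(h));
    }
    return 0;
}
```

With the vulnerable path the final token's class tracks whatever was in the buffer beforehand; with the default-initialised slot it is always "decimal". MemorySanitizer (`clang -fsanitize=memory`) is the tool that catches this class at the read; to see it fire on this model, drop the `memset` in `last_token` so the stale bytes are genuinely uninitialized.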
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2019-13117
- [Other] http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
- [Other] http://www.openwall.com/lists/oss-security/2019/11/17/2
- [Other] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
- [Patch] https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
- [Other] https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- [Other] https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- [Other] https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
- [Other] https://oss-fuzz.com/testcase-detail/5631739747106816
- [Other] https://security.netapp.com/advisory/ntap-20190806-0004/
- [Other] https://security.netapp.com/advisory/ntap-20200122-0003/
- [Other] https://usn.ubuntu.com/4164-1/
- [Other] https://www.oracle.com/security-alerts/cpujan2020.html
Related CVEs
Same vendor
- CVE-2026-35273 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-46843 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46842 — Vulnerability in Oracle REST Data Services (component: Core) (5.3 MEDIUM)
- CVE-2026-46841 — Vulnerability in Oracle REST Data Services (component: General) (5.3 MEDIUM)
Same CWE
- CVE-2026-42969 — Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally (5.5 MEDIUM)
- CVE-2026-48104 — 7-Zip is a file archiver with a high compression ratio (4.2 MEDIUM)
- CVE-2026-48101 — 7-Zip is a file archiver with a high compression ratio (6.5 MEDIUM)
- CVE-2026-11089 — Uninitialized Use in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to ... (6.5 MEDIUM)
- CVE-2026-26825 — A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files (5.3 MEDIUM)