CVE-2019-13118 - Vulncode-DB

CVE-2019-13118 (NVD)

2019-07-01

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Products	Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
Type	Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
First patch	- None (likely due to unavailable code)
Links	• https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b • http://seclists.org/fulldisclosure/2019/Aug/15 • https://support.apple.com/kb/HT210353 • https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E • https://seclists.org/bugtraq/2019/Aug/23 More/Less (36) • http://seclists.org/fulldisclosure/2019/Jul/26 • https://support.apple.com/kb/HT210357 • http://seclists.org/fulldisclosure/2019/Jul/38 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/ • https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E • https://support.apple.com/kb/HT210348 • http://seclists.org/fulldisclosure/2019/Jul/24 • http://seclists.org/fulldisclosure/2019/Jul/37 • http://seclists.org/fulldisclosure/2019/Jul/22 • https://support.apple.com/kb/HT210351 • http://seclists.org/fulldisclosure/2019/Aug/11 • https://oss-fuzz.com/testcase-detail/5197371471822848 • https://seclists.org/bugtraq/2019/Jul/35 • https://security.netapp.com/advisory/ntap-20190806-0004/ • http://www.openwall.com/lists/oss-security/2019/11/17/2 • https://support.apple.com/kb/HT210346 • https://seclists.org/bugtraq/2019/Jul/40 • https://seclists.org/bugtraq/2019/Aug/25 • http://seclists.org/fulldisclosure/2019/Aug/13 • https://seclists.org/bugtraq/2019/Jul/36 • http://seclists.org/fulldisclosure/2019/Jul/31 • https://www.oracle.com/security-alerts/cpujan2020.html • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069 • https://seclists.org/bugtraq/2019/Aug/21 • https://usn.ubuntu.com/4164-1/ • https://support.apple.com/kb/HT210356 • http://seclists.org/fulldisclosure/2019/Jul/23 • https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html • https://seclists.org/bugtraq/2019/Jul/37 • https://support.apple.com/kb/HT210358 • https://seclists.org/bugtraq/2019/Jul/41 • http://seclists.org/fulldisclosure/2019/Aug/14 • https://seclists.org/bugtraq/2019/Aug/22 • https://security.netapp.com/advisory/ntap-20200122-0003/ • https://seclists.org/bugtraq/2019/Jul/42 • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html