PublicDateAtUSN: 2019-10-18 21:15:00 UTC
Candidate: CVE-2019-18197
PublicDate: 2019-10-18 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
 https://ubuntu.com/security/notices/USN-4164-1
Description:
 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't
 reset under certain circumstances. If the relevant memory area happened to
 be freed and reused in a certain way, a bounds check could fail and memory
 outside a buffer could be written to, or uninitialized data could be
 disclosed.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
Priority: medium
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H [7.5 HIGH]

Patches_libxslt:
 upstream: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
upstream_libxslt: needs-triage
precise/esm_libxslt: released (1.1.26-8ubuntu1.6)
trusty_libxslt: ignored (out of standard support)
trusty/esm_libxslt: released (1.1.28-2ubuntu0.2+esm1)
xenial_libxslt: released (1.1.28-2.1ubuntu0.3)
esm-infra/xenial_libxslt: released (1.1.28-2.1ubuntu0.3)
bionic_libxslt: released (1.1.29-5ubuntu0.2)
disco_libxslt: released (1.1.32-2ubuntu0.2)
eoan_libxslt: released (1.1.33-0ubuntu1.1)
devel_libxslt: DNE