#VU18966 Information disclosure in libxslt - CVE-2019-13118
Published: July 2, 2019 / Updated: October 19, 2019
Vulnerability identifier: #VU18966
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-13118
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
libxslt
libxslt
Software vendor:
Gnome Development Team
Gnome Development Team
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to uninitialized stack data exposure in numbers.c in libxslt library when processing an invalid character/length combination in xsltNumberFormatDecimal. A remote attacker can gain pass specially crafted data to the application using the affected library and gain access to sensitive information.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.