
Debian 8: DLA-1860-1 Moderate: libxslt Memory Corruption

Debian LTS
July 22, 2019
Critical libxslt patch addresses multiple memory issues in Debian Jessie. Ensure your packages are updated immediately!
Several vulnerabilities were found in libxslt, the XSLT 1.0 processing library.

Summary

CVE-2016-4610

Invalid memory access leading to DoS at exsltDynMapFunction. libxslt
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.

CVE-2016-4609

Out-of-bounds read at xmlGetLineNoInternal().
libxslt allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.

CVE-2019-13117

An xsl:number with certain format strings could lead to an
uninitialized read in xsltNumberFormatInsertNumbers. This could
allow an attacker to discern whether a byte on the stack contains
the characters A, a, I, i, or 0, or any other character.

CVE-2019-13118

A type holding grouping characters of an xsl:number instruction was
too narrow and an invalid character/length combination could be
passed to xsltNumberFormatDecimal, leading to a read of
uninitialized stack data.



Package: libxslt
Version: 1.1.28-2+deb8u5
CVE ID: CVE-2016-4609 CVE-2016-4610 CVE-2019-13117
Debian Bug: 932321 932320
