CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.046

EPSS Ranking 88.6%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2019-13117

Oracle » Openjdk » Version: 8

cpe:2.3:a:oracle:openjdk:8
Xmlsoft » Libxslt » Version: 1.1.33

cpe:2.3:a:xmlsoft:libxslt:1.1.33
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 19.04

cpe:2.3:o:canonical:ubuntu_linux:19.04
Canonical » Ubuntu Linux » Version: 19.10

cpe:2.3:o:canonical:ubuntu_linux:19.10
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13117

Products

Pricing

Contact Us