CVE-2019-13118

Description

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 1.027

Associated Vulnerability

Vulnerability | OS Platform
Update Apple iTunes (X64) (12.9.6.3) fixed multiple vulnerabilities | Windows
Update iCloud (7.13.0.14) fixed multiple vulnerabilities | Windows
Vulnerabilities CVE-2019-13117, CVE-2019-13118, CVE-2019-16168, CVE-2020-2585 are fixed in Java SE Java SE: 8u231 | Windows
Vulnerabilities CVE-2019-13117, CVE-2019-13118, CVE-2019-16168, CVE-2020-2585 are fixed in Java SE Java SE: 8u231 (x64) | Windows
Multiple vulnerabilities affected in Oracle Java SE 8u311 | Windows
Multiple vulnerabilities affected in Oracle Java SE 8u311 (x64) | Windows
Multiple vulnerabilities affected in Oracle Java SE Development Kit 8u311 | Windows
Multiple vulnerabilities affected in Oracle Java SE Development Kit 8u311 (x64) | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) Java SE Development Kit 8 Update 231 (64-bit) | Windows
Multiple vulnerabilities are affected in Java SE Development Kit Java SE Development Kit 8 Update 231 (64-bit) | Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.2310 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.44 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.44 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.37 | Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.29 | Windows
Vulnerabilities CVE-2019-5815, CVE-2019-18197, CVE-2019-13118, CVE-2019-13117 are fixed in Ruby-nokogiri 1.10.5 | Windows
Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.9.5 | Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.9.5 | Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows
Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 | Mac
Multiple vulnerabilities are fixed in macOS Mojave 10.14.6 Combo Update | Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.9.5 | Mac
XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_i386.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_amd64.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_i386.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_amd64.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_i386.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_amd64.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_i386.deb | Linux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_amd64.deb | Linux
Vulnerabilities CVE-2019-5815, CVE-2019-18197, CVE-2019-13118, CVE-2019-13117 are fixed in Ruby-nokogiri for Linux 1.10.5 | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-310437 | Apple iTunes (X64) (12.9.6.3)
PATCH-310440 | iCloud (7.13.0.14)
PATCH-323264 | Java 8 Update 321 (8.0.3210.7) (JRE)
PATCH-323263 | Java 8 Update 321 (64-bit) (8.0.3210.7) (JRE)
PATCH-323267 | Java SE Development Kit 8 Update 321 (32-bit) (8.0.3210.7) (JDK)
PATCH-323266 | Java SE Development Kit 8 Update 321 (64-bit) (8.0.3210.7) (JDK)
PATCH-333701 | Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-342222 | Azul Zulu JDK 8 (MSI) (8.82.0.21)
PATCH-342223 | Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21)
PATCH-342218 | Azul Zulu JDK 11 (MSI) (x64) (11.76.21)
PATCH-328592 | Azul Zulu JDK 13 (13.54.17)
PATCH-602004 | macOS Mojave 10.14.6
PATCH-602005 | macOS Mojave 10.14.6 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234