Home

CVE-2019-18197

Description

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isnt reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.774

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Google Chrome (x64) (80.0.3987.87)Windows
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (80.0.361.48)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (x64) (80.0.361.48)Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.2410.7Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.2410.7Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.2410Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) 8.46Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.46Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.39Windows
Multiple vulnerabilities are fixed in Azul Zulu JDK 13 13.31Windows
Vulnerabilities CVE-2019-5815,CVE-2019-18197,CVE-2019-13118,CVE-2019-13117 are fixed in Ruby-nokogiri 1.10.5Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 8.0.2410Windows
Multiple vulnerabilities are affected in Java Runtime Environment 1.8 (x64) 8.0.2410Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (80.0.3987.87)Mac
XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_i386.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.29-5ubuntu0.2_amd64.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_i386.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.32-2ubuntu0.2_amd64.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_i386.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.33-0ubuntu1.1_amd64.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_i386.debLinux
XSLT processing library (USN-4164-1) libxslt1.1_1.1.28-2.1ubuntu0.3_amd64.debLinux
(RHSA-2020:0514) chromium-browser security update chromium-browser-80.0.3987.87-1.el6_10.i686.rpmLinux
(RHSA-2020:0514) chromium-browser security update chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpmLinux
(RHSA-2020:4005) libxslt security update libxslt-1.1.28-6.el7.i686.rpmLinux
(RHSA-2020:4005) libxslt security update libxslt-1.1.28-6.el7.x86_64.rpmLinux
(RHSA-2020:4005) libxslt security update libxslt-devel-1.1.28-6.el7.i686.rpmLinux
(RHSA-2020:4005) libxslt security update libxslt-devel-1.1.28-6.el7.x86_64.rpmLinux
(RHSA-2020:4005) libxslt security update libxslt-python-1.1.28-6.el7.x86_64.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-1.1.32-5.el8.i686.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-1.1.32-5.el8.x86_64.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-debugsource-1.1.32-5.el8.i686.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-debugsource-1.1.32-5.el8.x86_64.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-devel-1.1.32-5.el8.i686.rpmLinux
(RHSA-2020:4464) libxslt security update libxslt-devel-1.1.32-5.el8.x86_64.rpmLinux
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87) (For Debian)Linux
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87) (For Centos)Linux
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87) (For RedHat)Linux
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87) (For Suse)Linux
Multiple vulnerabilities fixed in Google Chrome (80.0.3987.87) (For Ubuntu)Linux
(RHSA-2020:4005)Moderate: security update libxslt-debuginfo-1.1.28-6.el7.i686.rpmLinux
(RHSA-2020:4005)Moderate: security update libxslt-debuginfo-1.1.28-6.el7.x86_64.rpmLinux
(RHSA-2020:4464)Moderate: security update libxslt-debuginfo-1.1.32-5.el8.i686.rpmLinux
(RHSA-2020:4464)Moderate: security update libxslt-debuginfo-1.1.32-5.el8.x86_64.rpmLinux
Libxslt update (ELSA-2020-4464) libxslt-1.1.32-5.0.1.el8.i686.rpmLinux
Libxslt update (ELSA-2020-4464) libxslt-1.1.32-5.0.1.el8.x86_64.rpmLinux
Libxslt-devel update (ELSA-2020-4464) libxslt-devel-1.1.32-5.0.1.el8.i686.rpmLinux
Libxslt-devel update (ELSA-2020-4464) libxslt-devel-1.1.32-5.0.1.el8.x86_64.rpmLinux
libxslt Security Update (ALAS-2020-1535) libxslt-1.1.28-6.amzn2.i686.rpmLinux
libxslt Security Update (ALAS-2020-1535) libxslt-1.1.28-6.amzn2.x86_64.rpmLinux
libxslt Security Update (ALAS-2020-1535) libxslt-devel-1.1.28-6.amzn2.x86_64.rpmLinux
libxslt Security Update (ALAS-2020-1535) libxslt-python-1.1.28-6.amzn2.x86_64.rpmLinux
Vulnerabilities CVE-2019-5815,CVE-2019-18197,CVE-2019-13118,CVE-2019-13117 are fixed in Ruby-nokogiri for Linux 1.10.5Linux
Use After Free Vulnerability (CVE-2019-18197)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312772Google Chrome (x64) (80.0.3987.87)
PATCH-312771Google Chrome (80.0.3987.87)
PATCH-109333Microsoft Edge for chromium business (99.0.1150.30) (x86)
PATCH-109332Microsoft Edge for chromium business (99.0.1150.30) (x64)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-330243Java SE Development Kit 8 Update 371 (32-bit) (8.0.3710.11) (JDK)
PATCH-330242Java SE Development Kit 8 Update 371 (64-bit) (8.0.3710.11) (JDK)
PATCH-342222Azul Zulu JDK 8 (MSI) (8.82.0.21)
PATCH-342223Azul Zulu JDK 8 (MSI) (x64) (8.82.0.21)
PATCH-342218Azul Zulu JDK 11 (MSI) (x64) (11.76.21)
PATCH-328592Azul Zulu JDK 13 (13.54.17)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234