system/libxslt: CVE-2019-18197: lack of pointer reset may lead to memory write or disclosure of uninitialized data
Bugzilla ID | 218 |
Alias(es) | CVE-2019-18197 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-10-24 16:27:05 -0500 |
Modified | 2020-02-25 17:43:06 -0600 |
Status | RESOLVED FIXED |
Version | 1.0-BETA4 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-18197 |
Description
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable
isn't reset under certain circumstances. If the relevant memory area
happened to be freed and reused in a certain way, a bounds check could
fail and memory outside a buffer could be written to, or uninitialized
data could be disclosed.
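
The failure mode described above, as an added example: a simplified C model that is not libxslt source and not part of the original report. All names (`pool`, `text_node`, `ctx`, `copy_text_uncached`, `append_text`) are hypothetical, and a fixed pool stands in for an allocator handing a freed address back out. It shows why a cached pointer that is not reset defeats a bounds check based on cached metadata, and how resetting the cache closes the gap.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not libxslt source. */
static char pool[64];                             /* one reusable allocation slot */
struct text_node { char *content; size_t cap; };  /* cap: bytes the node really owns */
struct ctx { const char *last_text; size_t last_size, last_use; };

/* The pool returns the same address every time, modelling a freed block
 * that the allocator hands out again for a different, smaller node. */
static void node_init(struct text_node *n, size_t cap) {
    n->content = pool; n->cap = cap;
}
/* Path that keeps the cache in sync with the node it just created. */
static void copy_text_cached(struct ctx *c, struct text_node *n, size_t cap) {
    node_init(n, cap);
    c->last_text = n->content; c->last_size = cap; c->last_use = 0;
}
/* Path that creates a node without updating the cache.
 * reset_cache == 0 models the missing reset, 1 models the fix. */
static void copy_text_uncached(struct ctx *c, struct text_node *n,
                               size_t cap, int reset_cache) {
    node_init(n, cap);
    if (reset_cache) { c->last_text = NULL; c->last_size = 0; c->last_use = 0; }
}
/* Append fast path: trusts the cached size when the pointer matches.
 * Returns 1 if the write was accepted. The write is also clamped to the
 * pool so this demo stays in bounds; *escaped reports whether it went
 * past the capacity the node actually owns. */
static int append_text(struct ctx *c, struct text_node *n,
                       const char *s, int *escaped) {
    size_t len = strlen(s);
    *escaped = 0;
    if (c->last_text != n->content) return 0;         /* cache miss: slow path omitted */
    if (c->last_use + len >= c->last_size) return 0;  /* bounds check on cached size */
    if (c->last_use + len >= sizeof pool) return 0;   /* demo-only safety clamp */
    memcpy(n->content + c->last_use, s, len);
    c->last_use += len;
    *escaped = c->last_use >= n->cap;
    return 1;
}
/* Scenario: a large cached node, then a small node at the same address. */
static int run(int reset_cache) {
    struct ctx c = {0}; struct text_node big, small; int escaped;
    copy_text_cached(&c, &big, 48);
    copy_text_uncached(&c, &small, 8, reset_cache);
    append_text(&c, &small, "0123456789abcdef", &escaped);
    return escaped;
}
int main(void) { printf("no reset: %d, reset: %d\n", run(0), run(1)); return 0; }
```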