libxslt: Multiple vulnerabilities (CVE-2019-13117, CVE-2019-13118)
CVE-2019-13117: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-13117
- https://security-tracker.debian.org/tracker/CVE-2019-13117
Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
CVE-2019-13118: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-13118
- https://security-tracker.debian.org/tracker/CVE-2019-13118
Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b