CVE-2019-13117
- Source
- https://cve.org/CVERecord?id=CVE-2019-13117
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13117.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-13117
- Aliases
- Downstream
- Related
- Published
- 2019-07-01T02:15:09.737Z
- Modified
- 2026-03-15T22:21:53.779377Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://usn.ubuntu.com/4164-1/
- https://www.oracle.com/security-alerts/cpujan2020.html
- http://www.openwall.com/lists/oss-security/2019/11/17/2
- https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
- https://security.netapp.com/advisory/ntap-20190806-0004/
- https://security.netapp.com/advisory/ntap-20200122-0003/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
- https://oss-fuzz.com/testcase-detail/5631739747106816
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
- https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
Affected packages
Git / github.com/openjdk/jdk
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openjdk/jdk
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "19.10" } ] }
Affected versions
1.*
1.1.23
1.1.24
Other
CVE-2015-7995
LIBXSLT_0_0_0
LIBXSLT_0_10_0
LIBXSLT_0_11_0
LIBXSLT_0_12_0
LIBXSLT_0_13_0
LIBXSLT_0_14_0
LIBXSLT_0_1_0
LIBXSLT_0_3_0
LIBXSLT_0_4_0
LIBXSLT_0_6_0
LIBXSLT_0_7_0
LIBXSLT_0_8_0
LIBXSLT_0_9_0
LIBXSLT_1_0_0
LIBXSLT_1_0_10
LIBXSLT_1_0_11
LIBXSLT_1_0_12
LIBXSLT_1_0_13
LIBXSLT_1_0_14
LIBXSLT_1_0_16
LIBXSLT_1_0_17
LIBXSLT_1_0_18
LIBXSLT_1_0_19
LIBXSLT_1_0_2
LIBXSLT_1_0_20
LIBXSLT_1_0_21
LIBXSLT_1_0_22
LIBXSLT_1_0_23
LIBXSLT_1_0_24
LIBXSLT_1_0_25
LIBXSLT_1_0_26
LIBXSLT_1_0_27
LIBXSLT_1_0_28
LIBXSLT_1_0_29
LIBXSLT_1_0_3
LIBXSLT_1_0_30
LIBXSLT_1_0_31
LIBXSLT_1_0_32
LIBXSLT_1_0_33
LIBXSLT_1_0_4
LIBXSLT_1_0_5
LIBXSLT_1_0_6
LIBXSLT_1_0_7
LIBXSLT_1_0_8
LIBXSLT_1_0_9
LIBXSLT_1_1_0
LIBXSLT_1_1_1
LIBXSLT_1_1_10
LIBXSLT_1_1_11
LIBXSLT_1_1_12
LIBXSLT_1_1_13
LIBXSLT_1_1_14
LIBXSLT_1_1_15
LIBXSLT_1_1_16
LIBXSLT_1_1_17
LIBXSLT_1_1_18
LIBXSLT_1_1_2
LIBXSLT_1_1_21
LIBXSLT_1_1_22
LIBXSLT_1_1_3
LIBXSLT_1_1_4
LIBXSLT_1_1_5
LIBXSLT_1_1_6
LIBXSLT_1_1_7
LIBXSLT_1_1_8
LIBXSLT_1_1_9
LIXSLT_0_5_0
jdk-10+0
jdk-10+1
jdk-10+10
jdk-10+11
jdk-10+12
jdk-10+13
jdk-10+14
jdk-10+15
jdk-10+16
jdk-10+17
jdk-10+18
jdk-10+19
jdk-10+2
jdk-10+20
jdk-10+21
jdk-10+22
jdk-10+23
jdk-10+24
jdk-10+25
jdk-10+26
jdk-10+27
jdk-10+28
jdk-10+29
jdk-10+3
jdk-10+30
jdk-10+31
jdk-10+32
jdk-10+33
jdk-10+34
jdk-10+35
jdk-10+36
jdk-10+37
jdk-10+38
jdk-10+39
jdk-10+4
jdk-10+40
jdk-10+41
jdk-10+42
jdk-10+43
jdk-10+44
jdk-10+45
jdk-10+46
jdk-10+5
jdk-10+6
jdk-10+7
jdk-10+8
jdk-10+9
jdk-11+0
jdk-11+1
jdk-11+10
jdk-11+11
jdk-11+12
jdk-11+13
jdk-11+14
jdk-11+15
jdk-11+16
jdk-11+17
jdk-11+18
jdk-11+19
jdk-11+2
jdk-11+20
jdk-11+21
jdk-11+22
jdk-11+23
jdk-11+24
jdk-11+25
jdk-11+26
jdk-11+27
jdk-11+28
jdk-11+3
jdk-11+4
jdk-11+5
jdk-11+6
jdk-11+7
jdk-11+8
jdk-11+9
jdk-11-ga
jdk-12+0
jdk-12+1
jdk-12+10
jdk-12+11
jdk-12+12
jdk-12+13
jdk-12+14
jdk-12+15
jdk-12+16
jdk-12+17
jdk-12+18
jdk-12+19
jdk-12+2
jdk-12+20
jdk-12+21
jdk-12+22
jdk-12+23
jdk-12+24
jdk-12+25
jdk-12+26
jdk-12+27
jdk-12+28
jdk-12+29
jdk-12+3
jdk-12+30
jdk-12+31
jdk-12+32
jdk-12+33
jdk-12+4
jdk-12+5
jdk-12+6
jdk-12+7
jdk-12+8
jdk-12+9
jdk-12-ga
jdk-13+0
jdk-13+1
jdk-13+10
jdk-13+11
jdk-13+12
jdk-13+13
jdk-13+14
jdk-13+15
jdk-13+16
jdk-13+17
jdk-13+18
jdk-13+19
jdk-13+2
jdk-13+20
jdk-13+21
jdk-13+22
jdk-13+23
jdk-13+24
jdk-13+25
jdk-13+26
jdk-13+27
jdk-13+28
jdk-13+29
jdk-13+3
jdk-13+30
jdk-13+31
jdk-13+32
jdk-13+33
jdk-13+4
jdk-13+5
jdk-13+6
jdk-13+7
jdk-13+8
jdk-13+9
jdk-13-ga
jdk-14+0
jdk-14+1
jdk-14+10
jdk-14+11
jdk-14+12
jdk-14+13
jdk-14+14
jdk-14+15
jdk-14+16
jdk-14+17
jdk-14+18
jdk-14+19
jdk-14+2
jdk-14+20
jdk-14+21
jdk-14+22
jdk-14+23
jdk-14+24
jdk-14+25
jdk-14+26
jdk-14+27
jdk-14+28
jdk-14+29
jdk-14+3
jdk-14+30
jdk-14+31
jdk-14+32
jdk-14+33
jdk-14+34
jdk-14+35
jdk-14+36
jdk-14+4
jdk-14+5
jdk-14+6
jdk-14+7
jdk-14+8
jdk-14+9
jdk-14-ga
jdk-15+0
jdk-15+1
jdk-15+10
jdk-15+11
jdk-15+12
jdk-15+13
jdk-15+14
jdk-15+15
jdk-15+16
jdk-15+17
jdk-15+18
jdk-15+19
jdk-15+2
jdk-15+20
jdk-15+21
jdk-15+22
jdk-15+23
jdk-15+24
jdk-15+25
jdk-15+26
jdk-15+27
jdk-15+28
jdk-15+29
jdk-15+3
jdk-15+30
jdk-15+31
jdk-15+32
jdk-15+33
jdk-15+34
jdk-15+35
jdk-15+36
jdk-15+4
jdk-15+5
jdk-15+6
jdk-15+7
jdk-15+8
jdk-15+9
jdk-15-ga
jdk-16+0
jdk-16+1
jdk-16+10
jdk-16+11
jdk-16+12
jdk-16+13
jdk-16+14
jdk-16+15
jdk-16+16
jdk-16+17
jdk-16+18
jdk-16+19
jdk-16+2
jdk-16+20
jdk-16+21
jdk-16+22
jdk-16+23
jdk-16+24
jdk-16+25
jdk-16+26
jdk-16+27
jdk-16+28
jdk-16+29
jdk-16+3
jdk-16+30
jdk-16+31
jdk-16+32
jdk-16+33
jdk-16+34
jdk-16+35
jdk-16+36
jdk-16+4
jdk-16+5
jdk-16+6
jdk-16+7
jdk-16+8
jdk-16+9
jdk-16-ga
jdk-17+0
jdk-17+1
jdk-17+10
jdk-17+11
jdk-17+12
jdk-17+13
jdk-17+14
jdk-17+15
jdk-17+16
jdk-17+17
jdk-17+18
jdk-17+19
jdk-17+2
jdk-17+20
jdk-17+21
jdk-17+22
jdk-17+23
jdk-17+24
jdk-17+25
jdk-17+26
jdk-17+27
jdk-17+28
jdk-17+29
jdk-17+3
jdk-17+30
jdk-17+31
jdk-17+32
jdk-17+33
jdk-17+34
jdk-17+35
jdk-17+4
jdk-17+5
jdk-17+6
jdk-17+7
jdk-17+8
jdk-17+9
jdk-17-ga
jdk-18+0
jdk-18+1
jdk-18+10
jdk-18+11
jdk-18+12
jdk-18+13
jdk-18+14
jdk-18+15
jdk-18+16
jdk-18+17
jdk-18+18
jdk-18+19
jdk-18+2
jdk-18+20
jdk-18+21
jdk-18+22
jdk-18+23
jdk-18+24
jdk-18+25
jdk-18+26
jdk-18+27
jdk-18+28
jdk-18+29
jdk-18+3
jdk-18+30
jdk-18+31
jdk-18+32
jdk-18+33
jdk-18+34
jdk-18+35
jdk-18+4
jdk-18+5
jdk-18+6
jdk-18+7
jdk-18+8
jdk-18+9
jdk-19+0
jdk-19+1
jdk-19+10
jdk-19+2
jdk-19+3
jdk-19+4
jdk-19+5
jdk-19+6
jdk-19+7
jdk-19+8
jdk-19+9
jdk-9+100
jdk-9+101
jdk-9+102
jdk-9+103
jdk-9+104
jdk-9+105
jdk-9+106
jdk-9+107
jdk-9+108
jdk-9+109
jdk-9+110
jdk-9+111
jdk-9+112
jdk-9+113
jdk-9+114
jdk-9+115
jdk-9+116
jdk-9+117
jdk-9+118
jdk-9+119
jdk-9+120
jdk-9+121
jdk-9+122
jdk-9+123
jdk-9+124
jdk-9+125
jdk-9+126
jdk-9+127
jdk-9+128
jdk-9+129
jdk-9+130
jdk-9+131
jdk-9+132
jdk-9+133
jdk-9+134
jdk-9+135
jdk-9+136
jdk-9+137
jdk-9+138
jdk-9+139
jdk-9+140
jdk-9+141
jdk-9+142
jdk-9+143
jdk-9+144
jdk-9+145
jdk-9+146
jdk-9+147
jdk-9+148
jdk-9+149
jdk-9+150
jdk-9+151
jdk-9+152
jdk-9+153
jdk-9+154
jdk-9+155
jdk-9+156
jdk-9+157
jdk-9+158
jdk-9+159
jdk-9+160
jdk-9+161
jdk-9+162
jdk-9+163
jdk-9+164
jdk-9+165
jdk-9+166
jdk-9+167
jdk-9+168
jdk-9+169
jdk-9+170
jdk-9+171
jdk-9+172
jdk-9+173
jdk-9+174
jdk-9+175
jdk-9+176
jdk-9+177
jdk-9+178
jdk-9+179
jdk-9+180
jdk-9+181
jdk-9+95
jdk-9+96
jdk-9+97
jdk-9+98
jdk-9+99
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b109
jdk7-b110
jdk7-b111
jdk7-b112
jdk7-b113
jdk7-b114
jdk7-b115
jdk7-b116
jdk7-b117
jdk7-b118
jdk7-b119
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b142
jdk7-b143
jdk7-b144
jdk7-b145
jdk7-b146
jdk7-b147
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b47
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b52
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b57
jdk7-b58
jdk7-b59
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b67
jdk7-b68
jdk7-b69
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b02
jdk8-b03
jdk8-b04
jdk8-b05
jdk8-b06
jdk8-b07
jdk8-b08
jdk8-b09
jdk8-b10
jdk8-b100
jdk8-b101
jdk8-b102
jdk8-b103
jdk8-b104
jdk8-b105
jdk8-b106
jdk8-b107
jdk8-b108
jdk8-b109
jdk8-b11
jdk8-b110
jdk8-b111
jdk8-b112
jdk8-b113
jdk8-b114
jdk8-b115
jdk8-b116
jdk8-b117
jdk8-b118
jdk8-b119
jdk8-b12
jdk8-b120
jdk8-b13
jdk8-b14
jdk8-b15
jdk8-b16
jdk8-b17
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b47
jdk8-b48
jdk8-b49
jdk8-b50
jdk8-b51
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk8-b56
jdk8-b57
jdk8-b58
jdk8-b59
jdk8-b60
jdk8-b61
jdk8-b62
jdk8-b63
jdk8-b64
jdk8-b65
jdk8-b66
jdk8-b67
jdk8-b68
jdk8-b69
jdk8-b70
jdk8-b71
jdk8-b72
jdk8-b73
jdk8-b74
jdk8-b75
jdk8-b76
jdk8-b77
jdk8-b78
jdk8-b79
jdk8-b80
jdk8-b81
jdk8-b82
jdk8-b83
jdk8-b84
jdk8-b85
jdk8-b86
jdk8-b87
jdk8-b88
jdk8-b89
jdk8-b90
jdk8-b91
jdk8-b92
jdk8-b93
jdk8-b94
jdk8-b95
jdk8-b96
jdk8-b97
jdk8-b98
jdk8-b99
jdk9-b00
jdk9-b01
jdk9-b02
jdk9-b03
jdk9-b04
jdk9-b05
jdk9-b06
jdk9-b07
jdk9-b08
jdk9-b09
jdk9-b10
jdk9-b11
jdk9-b12
jdk9-b13
jdk9-b14
jdk9-b15
jdk9-b16
jdk9-b17
jdk9-b18
jdk9-b19
jdk9-b20
jdk9-b21
jdk9-b22
jdk9-b23
jdk9-b24
jdk9-b25
jdk9-b26
jdk9-b27
jdk9-b28
jdk9-b29
jdk9-b30
jdk9-b31
jdk9-b32
jdk9-b33
jdk9-b34
jdk9-b35
jdk9-b36
jdk9-b37
jdk9-b38
jdk9-b39
jdk9-b40
jdk9-b41
jdk9-b42
jdk9-b43
jdk9-b44
jdk9-b45
jdk9-b46
jdk9-b47
jdk9-b48
jdk9-b49
jdk9-b50
jdk9-b51
jdk9-b52
jdk9-b53
jdk9-b54
jdk9-b55
jdk9-b56
jdk9-b57
jdk9-b58
jdk9-b59
jdk9-b60
jdk9-b61
jdk9-b62
jdk9-b63
jdk9-b64
jdk9-b65
jdk9-b66
jdk9-b67
jdk9-b68
jdk9-b69
jdk9-b70
jdk9-b71
jdk9-b72
jdk9-b73
jdk9-b74
jdk9-b75
jdk9-b76
jdk9-b77
jdk9-b78
jdk9-b79
jdk9-b80
jdk9-b81
jdk9-b82
jdk9-b83
jdk9-b84
jdk9-b85
jdk9-b86
jdk9-b87
jdk9-b88
jdk9-b89
jdk9-b90
jdk9-b91
jdk9-b92
jdk9-b93
jdk9-b94
v1.*
v1.1.25
v1.1.26
v1.1.27
v1.1.27-rc1
v1.1.28
v1.1.29
v1.1.29-rc1
v1.1.29-rc2
v1.1.30
v1.1.30-rc1
v1.1.30-rc2
v1.1.31
v1.1.31-rc1
v1.1.31-rc2
v1.1.32
v1.1.32-rc1
v1.1.32-rc2
v1.1.33
v1.1.33-rc1
v1.1.33-rc2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13117.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8-update231"
}
]
}
]
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "libxslt/numbers.c",
"function": "xsltNumberFormatTokenize"
},
"source": "https://gitlab.gnome.org/GNOME/libxslt@c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
"deprecated": false,
"digest": {
"function_hash": "149946325565218207761949792658421626761",
"length": 1909.0
},
"id": "CVE-2019-13117-565fd9eb",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "libxslt/numbers.c"
},
"source": "https://gitlab.gnome.org/GNOME/libxslt@c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
"deprecated": false,
"digest": {
"line_hashes": [
"43565303947768987112289376521803259580",
"19431884078099895786233513579532035761",
"49920840082758177635510753390799152839",
"72429694293929117164221740144272381935"
],
"threshold": 0.9
},
"id": "CVE-2019-13117-a8b017df",
"signature_type": "Line"
}
]