CVE-2019-13117

Source
https://cve.org/CVERecord?id=CVE-2019-13117
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13117.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-13117
Aliases
Downstream
Related
Published
2019-07-01T02:15:09.737Z
Modified
2026-04-16T04:40:26.721855542Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

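In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack holds one of the characters A, a, I, i, or 0, or some other character. The signature data later in this record targets xsltNumberFormatTokenize in libxslt/numbers.c, which suggests the patched code is in format-string tokenization rather than at the read site itself; confirm against the referenced upstream commit.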

References

Affected packages

Git / github.com/openjdk/jdk

Affected ranges

Type
GIT
Repo
https://github.com/openjdk/jdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "19.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/openjdk/jdk15u
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "15.1"
        }
    ]
}
Type
GIT
Repo
https://gitlab.gnome.org/GNOME/libxslt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.33"
        }
    ]
}

Affected versions

1.*
1.1.23
1.1.24
Other
CVE-2015-7995
LIBXSLT_0_0_0
LIBXSLT_0_10_0
LIBXSLT_0_11_0
LIBXSLT_0_12_0
LIBXSLT_0_13_0
LIBXSLT_0_14_0
LIBXSLT_0_1_0
LIBXSLT_0_3_0
LIBXSLT_0_4_0
LIBXSLT_0_6_0
LIBXSLT_0_7_0
LIBXSLT_0_8_0
LIBXSLT_0_9_0
LIBXSLT_1_0_0
LIBXSLT_1_0_10
LIBXSLT_1_0_11
LIBXSLT_1_0_12
LIBXSLT_1_0_13
LIBXSLT_1_0_14
LIBXSLT_1_0_16
LIBXSLT_1_0_17
LIBXSLT_1_0_18
LIBXSLT_1_0_19
LIBXSLT_1_0_2
LIBXSLT_1_0_20
LIBXSLT_1_0_21
LIBXSLT_1_0_22
LIBXSLT_1_0_23
LIBXSLT_1_0_24
LIBXSLT_1_0_25
LIBXSLT_1_0_26
LIBXSLT_1_0_27
LIBXSLT_1_0_28
LIBXSLT_1_0_29
LIBXSLT_1_0_3
LIBXSLT_1_0_30
LIBXSLT_1_0_31
LIBXSLT_1_0_32
LIBXSLT_1_0_33
LIBXSLT_1_0_4
LIBXSLT_1_0_5
LIBXSLT_1_0_6
LIBXSLT_1_0_7
LIBXSLT_1_0_8
LIBXSLT_1_0_9
LIBXSLT_1_1_0
LIBXSLT_1_1_1
LIBXSLT_1_1_10
LIBXSLT_1_1_11
LIBXSLT_1_1_12
LIBXSLT_1_1_13
LIBXSLT_1_1_14
LIBXSLT_1_1_15
LIBXSLT_1_1_16
LIBXSLT_1_1_17
LIBXSLT_1_1_18
LIBXSLT_1_1_2
LIBXSLT_1_1_21
LIBXSLT_1_1_22
LIBXSLT_1_1_3
LIBXSLT_1_1_4
LIBXSLT_1_1_5
LIBXSLT_1_1_6
LIBXSLT_1_1_7
LIBXSLT_1_1_8
LIBXSLT_1_1_9
LIXSLT_0_5_0
jdk-10+20
jdk-10+21
jdk-10+22
jdk-10+23
jdk-10+24
jdk-12+0
jdk-15+0
jdk-15+1
jdk-15+2
jdk-15+3
jdk-15+4
jdk-15+6
jdk-16+14
jdk-16+15
jdk-16+16
jdk-16+17
jdk-16+18
jdk-16+19
jdk-16+20
jdk-16+21
jdk-16+22
jdk-16+23
jdk-16+24
jdk-16+25
jdk-16+26
jdk-16+27
jdk-16+28
jdk-17+0
jdk-17+1
jdk-17+10
jdk-17+11
jdk-17+12
jdk-17+13
jdk-17+14
jdk-17+15
jdk-17+16
jdk-17+17
jdk-17+18
jdk-17+19
jdk-17+2
jdk-17+20
jdk-17+21
jdk-17+22
jdk-17+23
jdk-17+24
jdk-17+25
jdk-17+26
jdk-17+3
jdk-17+4
jdk-17+5
jdk-17+6
jdk-17+7
jdk-17+8
jdk-17+9
jdk-18+0
jdk-18+1
jdk-18+10
jdk-18+11
jdk-18+12
jdk-18+13
jdk-18+14
jdk-18+15
jdk-18+16
jdk-18+17
jdk-18+18
jdk-18+19
jdk-18+2
jdk-18+20
jdk-18+21
jdk-18+22
jdk-18+23
jdk-18+24
jdk-18+25
jdk-18+26
jdk-18+27
jdk-18+3
jdk-18+4
jdk-18+5
jdk-18+6
jdk-18+7
jdk-18+8
jdk-18+9
jdk-19+0
jdk-19+1
jdk-19+10
jdk-19+2
jdk-19+3
jdk-19+4
jdk-19+5
jdk-19+6
jdk-19+7
jdk-19+8
jdk-19+9
jdk-9+100
jdk-9+101
jdk-9+102
jdk-9+103
jdk-9+104
jdk-9+105
jdk-9+106
jdk-9+107
jdk-9+108
jdk-9+109
jdk-9+110
jdk-9+111
jdk-9+112
jdk-9+113
jdk-9+114
jdk-9+115
jdk-9+116
jdk-9+117
jdk-9+118
jdk-9+119
jdk-9+120
jdk-9+121
jdk-9+122
jdk-9+123
jdk-9+124
jdk-9+127
jdk-9+128
jdk-9+129
jdk-9+130
jdk-9+131
jdk-9+132
jdk-9+133
jdk-9+134
jdk-9+135
jdk-9+136
jdk-9+137
jdk-9+138
jdk-9+139
jdk-9+140
jdk-9+141
jdk-9+142
jdk-9+143
jdk-9+144
jdk-9+145
jdk-9+146
jdk-9+147
jdk-9+148
jdk-9+149
jdk-9+150
jdk-9+151
jdk-9+152
jdk-9+153
jdk-9+154
jdk-9+155
jdk-9+156
jdk-9+95
jdk-9+96
jdk-9+97
jdk-9+98
jdk-9+99
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b143
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b68
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b119
jdk8-b120
jdk8-b15
jdk8-b16
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b49
jdk8-b50
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk9-b00
jdk9-b01
jdk9-b04
jdk9-b05
jdk9-b06
jdk9-b07
jdk9-b08
jdk9-b10
jdk9-b11
jdk9-b12
jdk9-b13
jdk9-b14
jdk9-b15
jdk9-b16
jdk9-b17
jdk9-b18
jdk9-b19
jdk9-b20
jdk9-b21
jdk9-b23
jdk9-b24
jdk9-b25
jdk9-b26
jdk9-b27
jdk9-b30
jdk9-b31
jdk9-b32
jdk9-b33
jdk9-b34
jdk9-b35
jdk9-b36
jdk9-b37
jdk9-b38
jdk9-b39
jdk9-b40
jdk9-b41
jdk9-b42
jdk9-b43
jdk9-b44
jdk9-b45
jdk9-b46
jdk9-b47
jdk9-b48
jdk9-b49
jdk9-b50
jdk9-b51
jdk9-b52
jdk9-b53
jdk9-b54
jdk9-b55
jdk9-b56
jdk9-b57
jdk9-b58
jdk9-b59
jdk9-b60
jdk9-b61
jdk9-b62
jdk9-b63
jdk9-b64
jdk9-b65
jdk9-b66
jdk9-b67
jdk9-b68
jdk9-b69
jdk9-b70
jdk9-b71
jdk9-b72
jdk9-b73
jdk9-b74
jdk9-b75
jdk9-b76
jdk9-b77
jdk9-b78
jdk9-b79
jdk9-b80
jdk9-b81
jdk9-b82
jdk9-b83
jdk9-b84
jdk9-b85
jdk9-b86
jdk9-b87
jdk9-b88
jdk9-b89
jdk9-b90
jdk9-b91
jdk9-b92
jdk9-b94
v1.*
v1.1.25
v1.1.26
v1.1.27
v1.1.27-rc1
v1.1.28
v1.1.29
v1.1.29-rc1
v1.1.29-rc2
v1.1.30
v1.1.30-rc1
v1.1.30-rc2
v1.1.31
v1.1.31-rc1
v1.1.31-rc2
v1.1.32
v1.1.32-rc1
v1.1.32-rc2
v1.1.33
v1.1.33-rc1
v1.1.33-rc2

Database specific

vanir_signatures_modified
"2026-04-11T12:42:18Z"
vanir_signatures
[
    {
        "id": "CVE-2019-13117-565fd9eb",
        "signature_version": "v1",
        "digest": {
            "function_hash": "149946325565218207761949792658421626761",
            "length": 1909.0
        },
        "source": "https://gitlab.gnome.org/GNOME/libxslt@c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
        "deprecated": false,
        "target": {
            "function": "xsltNumberFormatTokenize",
            "file": "libxslt/numbers.c"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2019-13117-a8b017df",
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://gitlab.gnome.org/GNOME/libxslt@c5eb6cf3aba0af048596106ed839b4ae17ecbcb1",
        "deprecated": false,
        "target": {
            "file": "libxslt/numbers.c"
        },
        "digest": {
            "line_hashes": [
                "43565303947768987112289376521803259580",
                "19431884078099895786233513579532035761",
                "49920840082758177635510753390799152839",
                "72429694293929117164221740144272381935"
            ],
            "threshold": 0.9
        }
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13117.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8-update231"
            }
        ]
    }
]