CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ChromeCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
xmlsoftlibxslt
𝑥
< 1.1.33
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
googlechrome
𝑥
< 74.0.3729.108
CNA
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
128.0.6613.84-1~deb12u1
fixed
bookworm (security)
130.0.6723.91-1~deb12u1
fixed
bullseye
120.0.6099.224-1~deb11u1
fixed
bullseye (security)
120.0.6099.224-1~deb11u1
fixed
sid
130.0.6723.91-2
fixed
trixie
129.0.6668.89-1
fixed
libxslt
bookworm
1.1.35-1
fixed
bullseye
1.1.34-4+deb11u1
fixed
bullseye (security)
1.1.34-4+deb11u1
fixed
sid
1.1.35-1.1
fixed
trixie
1.1.35-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
not-affected
cosmic
not-affected
disco
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
trusty
dne
xenial
not-affected
libxslt
bionic
Fixed 1.1.29-5ubuntu0.3
released
focal
not-affected
jammy
not-affected
kinetic
not-affected
trusty
Fixed 1.1.28-2ubuntu0.2+esm2
released
xenial
Fixed 1.1.28-2.1ubuntu0.3+esm1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:74.0.3729.108-1.el6_10
fixed
Common Weakness Enumeration
References
https://bugs.chromium.org/p/chromium/issues/detail?id=930663
https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
https://bugs.chromium.org/p/chromium/issues/detail?id=930663
https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html