Skip to main content

Use of Uninitialized Resource

CVE-2019-13117

Severity Medium
Score 5.3/10

Summary

In "numbers.c" in libxslt 1.1.33, an "xsl:number" with certain format strings could lead to a uninitialized read in "xsltNumberFormatInsertNumbers". This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

Advisory Timeline

  • Published