Use of Uninitialized Resource
CVE-2019-13117
Summary
In "numbers.c" in libxslt 1.1.33, an "xsl:number" with certain format strings could lead to a uninitialized read in "xsltNumberFormatInsertNumbers". This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-908 - Use of Uninitialized Resource
The software uses or accesses a resource that has not been initialized.
Advisory Timeline
- Published