PT-2019-4769 · Libxslt+8

Published 2019-10-18 · Updated 2025-09-29 · CVE-2019-18197

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

libxslt version 1.1.33; Nokogiri versions prior to 1.10.5

Description

The issue lies in the xsltCopyText function in the transform.c file of the libxslt library. Memory is used after it has been freed, which can cause a bounds check to fail, allowing writes outside a buffer or the disclosure of uninitialized data. This could potentially enable a remote attacker to execute arbitrary code.

Recommendations

For libxslt version 1.1.33, update to version 1.1.34 or later, which contains a patch for this issue. For Nokogiri versions prior to 1.10.5, upgrade to version 1.10.5 or later; that release upgrades the dependency to libxslt 1.1.34, which resolves the issue.

Weakness Enumeration

Use After Free

Use of Uninitialized Resource

Related Identifiers

ALSA-2025_16880
ALT-PU-2020-1457
ALT-PU-2020-1521
ALT-PU-2020-1707
ALT-PU-2020-2441
BDU:2020-01341
CESA-2020_4464
CVE-2019-18197
DLA-1973-1
GHSA-242X-7CM6-4W8J
MGASA-2019-0313
OPENSUSE-SU-2020:0189-1
OPENSUSE-SU-2020:0210-1
OPENSUSE-SU-2020:0233-1
OPENSUSE-SU-2020:0731-1
OPENSUSE-SU-2020_0189-1
OPENSUSE-SU-2020_0731-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:11017-1
OPENSUSE-SU-2024:12948-1
RHSA-2020:0514
RHSA-2020:4005
RHSA-2020:4464
RHSA-2020_0514
RHSA-2020_4005
RHSA-2020_4464
SUSE-SU-2020:0920-1
SUSE-SU-2020:0920-2
SUSE-SU-2020:1409-1
SUSE-SU-2020_0920-1
SUSE-SU-2020_0920-2
USN-4164-1

Affected Products

Alt Linux
Centos
Google Chrome
Java Platform
Nokogiri
Red Hat
Suse
Ubuntu
Libxslt