CVE-2019-19956 – libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c
https://notcve.org/view.php?id=CVE-2019-19956
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. La función xmlParseBalancedChunkMemoryRecover en el archivo parser.c en libxml2 versiones anteriores a 2.9.10, presenta una pérdida de memoria relacionada con newDoc-)oldNs. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2019-18197 – libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. En la función xsltCopyText en el archivo transform.c en libxslt versión 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el área de memoria relevante se liberó y reutilizó de cierta manera, una comprobación de límites podría fallar y podría escribirse la memoria fuera de un búfer o podrían divulgarse datos no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/11/17/2 https://access.redhat.com/errata/RHSA-2020:0514 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 https://bugs.chromium.or • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •
CVE-2019-13118
https://notcve.org/view.php?id=CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2019-13117
https://notcve.org/view.php?id=CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. En el archivo numbers.c en libxslt versión 1.1.33, un xsl:number con ciertas cadenas de formato conllevaría a una lectura no inicializada en la función xsltNumberFormatInsertNumbers. Esto podría permitir a un atacante discernir si un byte en la pila contiene los caracteres A, a, I, i o 0, o cualquier otro carácter. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/11/17/2 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471 https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https: • CWE-908: Use of Uninitialized Resource •
CVE-2019-5815 – chromium-browser: Heap buffer overflow in Blink
https://notcve.org/view.php?id=CVE-2019-5815
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Una confusión de tipo en la función xsltNumberFormatGetMultipleLevel versiones anteriores a libxslt versión 1.1.33, podría permitir a atacantes explotar potencialmente la corrupción de la pila por medio de datos XML diseñados. • https://bugs.chromium.org/p/chromium/issues/detail?id=930663 https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html https://access.redhat.com/security/cve/CVE-2019-5815 https://bugzilla.redhat.com/show_bug.cgi?id=1702905 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •