CVE-2019-5815: Heap buffer overflow in Blink
First published: Mon Feb 11 2019(Updated: )
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
Credit: cve-coordination@google.com Nicolas Grégoire Agarri
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xmlsoft Libxslt | <1.1.33 | |
| Debian Debian Linux | =10.0 | |
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| debian/libxslt | <=1.1.32-2.2~deb10u1 | 1.1.32-2.2~deb10u2 1.1.34-4+deb11u1 1.1.35-1 |
| Google Chrome | <74.0.3729.108 | 74.0.3729.108 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.chromium.org/p/chromium/issues/detail?id=930663
- https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
- https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
- https://security-tracker.debian.org/tracker/CVE-2019-5815
- https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2019-5815?
CVE-2019-5815 is a vulnerability that allows attackers to potentially exploit heap corruption via crafted XML data.
What is the severity of CVE-2019-5815?
CVE-2019-5815 has a severity level of 7.5 (high).
How does CVE-2019-5815 affect the affected software?
CVE-2019-5815 affects the software mentioned in the 'affected_software' field, specifically 'libxslt' and 'chromium' on certain debian/linux versions.
How can CVE-2019-5815 be fixed?
To fix CVE-2019-5815, users should update to the recommended versions mentioned in the 'affected_software' field or apply the provided patches from the official sources.
Where can I find more information about CVE-2019-5815?
More information about CVE-2019-5815 can be found in the references provided: [link1], [link2], [link3].
- collector/nvd-index
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/weakness
- agent/title
- agent/severity
- agent/references
- agent/event
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xmlsoft
- canonical/xmlsoft libxslt
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- package-manager/debian
- vendor/google
- canonical/google chrome