{"id":"CVE-2019-5815","details":"Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.","aliases":["GHSA-vmfx-gcfq-wvm2"],"modified":"2026-04-02T03:11:27.104206Z","published":"2019-12-11T01:15:10.537Z","related":["MGASA-2019-0283","openSUSE-SU-2019:1325-1","openSUSE-SU-2019:1436-1","openSUSE-SU-2019:1666-1","openSUSE-SU-2024:10681-1","openSUSE-SU-2024:12948-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"},{"type":"WEB","url":"https://bugs.chromium.org/p/chromium/issues/detail?id=930663"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/libxslt","events":[{"introduced":"0"},{"fixed":"f1eb717f04d9cc297cc5e58e94b81ac96f47e741"},{"fixed":"08b62c25871b38d5d573515ca8a065b4b8f64f6b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.33"}]}}],"versions":["1.1.23","1.1.24","CVE-2015-7995","LIBXSLT_0_0_0","LIBXSLT_0_10_0","LIBXSLT_0_11_0","LIBXSLT_0_12_0","LIBXSLT_0_13_0","LIBXSLT_0_14_0","LIBXSLT_0_1_0","LIBXSLT_0_3_0","LIBXSLT_0_4_0","LIBXSLT_0_6_0","LIBXSLT_0_7_0","LIBXSLT_0_8_0","LIBXSLT_0_9_0","LIBXSLT_1_0_0","LIBXSLT_1_0_10","LIBXSLT_1_0_11","LIBXSLT_1_0_12","LIBXSLT_1_0_13","LIBXSLT_1_0_14","LIBXSLT_1_0_16","LIBXSLT_1_0_17","LIBXSLT_1_0_18","LIBXSLT_1_0_19","LIBXSLT_1_0_2","LIBXSLT_1_0_20","LIBXSLT_1_0_21","LIBXSLT_1_0_22","LIBXSLT_1_0_23","LIBXSLT_1_0_24","LIBXSLT_1_0_25","LIBXSLT_1_0_26","LIBXSLT_1_0_27","LIBXSLT_1_0_28","LIBXSLT_1_0_29","LIBXSLT_1_0_3","LIBXSLT_1_0_30","LIBXSLT_1_0_31","LIBXSLT_1_0_32","LIBXSLT_1_0_33","LIBXSLT_1_0_4","LIBXSLT_1_0_5","LIBXSLT_1_0_6","LIBXSLT_1_0_7","LIBXSLT_1_0_8","LIBXSLT_1_0_9","LIBXSLT_1_1_0","LIBXSLT_1_1_1","LIBXSLT_1_1_10","LIBXSLT_1_1_11","LIBXSLT_1_1_12","LIBXSLT_1_1_13","LIBXSLT_1_1_14","LIBXSLT_1_1_15","LIBXSLT_1_1_16","LIBXSLT_1_1_17","LIBXSLT_1_1_18","LIBXSLT_1_1_2","LIBXSLT_1_1_21","LIBXSLT_1_1_22","LIBXSLT_1_1_3","LIBXSLT_1_1_4","LIBXSLT_1_1_5","LIBXSLT_1_1_6","LIBXSLT_1_1_7","LIBXSLT_1_1_8","LIBXSLT_1_1_9","LIXSLT_0_5_0","v1.1.25","v1.1.26","v1.1.27","v1.1.27-rc1","v1.1.28","v1.1.29","v1.1.29-rc1","v1.1.29-rc2","v1.1.30","v1.1.30-rc1","v1.1.30-rc2","v1.1.31","v1.1.31-rc1","v1.1.31-rc2","v1.1.32","v1.1.32-rc1","v1.1.32-rc2","v1.1.33-rc1","v1.1.33-rc2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures":[{"signature_version":"v1","target":{"function":"xsltNumberFormatGetMultipleLevel","file":"libxslt/numbers.c"},"source":"https://gitlab.gnome.org/GNOME/libxslt@08b62c25871b38d5d573515ca8a065b4b8f64f6b","id":"CVE-2019-5815-2937d70d","digest":{"function_hash":"58267735804317624405240029486999400972","length":759},"deprecated":false,"signature_type":"Function"},{"signature_version":"v1","target":{"file":"libxslt/numbers.c"},"source":"https://gitlab.gnome.org/GNOME/libxslt@08b62c25871b38d5d573515ca8a065b4b8f64f6b","id":"CVE-2019-5815-cf7f640b","digest":{"threshold":0.9,"line_hashes":["121720564518429366641291202463225839172","24685127460263571936247646782717643229","17140965475988714864065158270243504223","305752983219681536054652204750215997789","139419900630184326391078436869775043110","104706079610682984731976192650452243643","5026437273560794736135464524907504731","263646805853350094167610632244628575181","18831493707583347485089361307806435585","260785505964487345388846799830291840431","158853023515645357103793845626837427159","138255477983206379544042872596889617079","290283910786655020603961732493049558642","324178972341121768885352774555288855514","64308914283566557511000697784438359228","122106523707428544146753691791688186482","115051089363332525015002388520553804873","323103419907046495026699174926942826142","68091106137491600054179544781643836062","130786102974232046291453120968924296821","222896585481638522902086517896722843426","174714327718535983361890062846145674676","322969905134869587311537886641872361740","247854087823649254323157748510415702620","176512172752846759211364823173823566547","3819706359862126055985208531481769551","212334800807507510107440757201563386611","64621679589398616835939926375960582819","272029451199441376148881609707942369978","225750015987555112511618487456361545941","103377669374303583804124221310618727352","57365682843322262260429330970148494609","147652567799686264894501354037494096783","193230284413898735481501990920659511125"]},"deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5815.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}