{"id":"JLSEC-2026-580","details":"In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.","modified":"2026-06-08T13:30:05.658534712Z","published":"2026-06-08T13:15:35.983Z","upstream":["CVE-2019-18197"],"database_specific":{"sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-18197","id":"CVE-2019-18197","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18197","database_specific":{"status":"Modified"},"published":"2019-10-18T21:15:10.793Z","modified":"2026-05-28T19:16:33.373Z","imported":"2026-06-07T01:46:46.595Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/11/17/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/11/17/2"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0514"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0514"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"},{"type":"WEB","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20191031-0004/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20191031-0004/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200416-0004/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200416-0004/"},{"type":"WEB","url":"https://usn.ubuntu.com/4164-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4164-1/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"}],"affected":[{"package":{"name":"XSLT_jll","ecosystem":"Julia","purl":"pkg:julia/XSLT_jll?uuid=aed1982a-8fda-507f-9586-7b0439959a61"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.34+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-580.json"}}],"schema_version":"1.7.5"}