{"id":"CVE-2019-5815","details":"Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.","aliases":["GHSA-vmfx-gcfq-wvm2"],"modified":"2026-05-18T14:17:29.080141Z","published":"2019-12-11T01:15:10.537Z","related":["openSUSE-SU-2019:1325-1","openSUSE-SU-2019:1436-1","openSUSE-SU-2019:1666-1","openSUSE-SU-2024:10681-1","openSUSE-SU-2024:12948-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.0"}]}]},"references":[{"type":"WEB","url":"https://bugs.chromium.org/p/chromium/issues/detail?id=930663"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/libxslt","events":[{"introduced":"0"},{"fixed":"f1eb717f04d9cc297cc5e58e94b81ac96f47e741"},{"fixed":"08b62c25871b38d5d573515ca8a065b4b8f64f6b"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.1.33"}]}}],"versions":["v1.1.33","v1.1.33-rc2","v1.1.33-rc1","v1.1.32","v1.1.32-rc2","v1.1.32-rc1","v1.1.31","v1.1.31-rc2","v1.1.31-rc1","v1.1.30","v1.1.30-rc2","v1.1.30-rc1","v1.1.29","v1.1.29-rc2","v1.1.29-rc1","CVE-2015-7995","v1.1.28","v1.1.27","v1.1.27-rc1","v1.1.26","v1.1.25","1.1.24","1.1.23","LIBXSLT_1_1_22","LIBXSLT_1_1_21","LIBXSLT_1_1_18","LIBXSLT_1_1_17","LIBXSLT_1_1_16","LIBXSLT_1_1_15","LIBXSLT_1_1_14","LIBXSLT_1_1_13","LIBXSLT_1_1_12","LIBXSLT_1_1_11","LIBXSLT_1_1_10","LIBXSLT_1_1_9","LIBXSLT_1_1_8","LIBXSLT_1_1_7","LIBXSLT_1_1_6","LIBXSLT_1_1_5","LIBXSLT_1_1_4","LIBXSLT_1_1_3","LIBXSLT_1_1_2","LIBXSLT_1_1_1","LIBXSLT_1_1_0","LIBXSLT_1_0_33","LIBXSLT_1_0_32","LIBXSLT_1_0_31","LIBXSLT_1_0_30","LIBXSLT_1_0_29","LIBXSLT_1_0_28","LIBXSLT_1_0_27","LIBXSLT_1_0_26","LIBXSLT_1_0_25","LIBXSLT_1_0_24","LIBXSLT_1_0_23","LIBXSLT_1_0_22","LIBXSLT_1_0_21","LIBXSLT_1_0_20","LIBXSLT_1_0_19","LIBXSLT_1_0_18","LIBXSLT_1_0_17","LIBXSLT_1_0_16","LIBXSLT_1_0_14","LIBXSLT_1_0_13","LIBXSLT_1_0_12","LIBXSLT_1_0_11","LIBXSLT_1_0_10","LIBXSLT_1_0_9","LIBXSLT_1_0_8","LIBXSLT_1_0_7","LIBXSLT_1_0_6","LIBXSLT_1_0_5","LIBXSLT_1_0_4","LIBXSLT_1_0_3","LIBXSLT_1_0_2","LIBXSLT_1_0_0","LIBXSLT_0_14_0","LIBXSLT_0_13_0","LIBXSLT_0_12_0","LIBXSLT_0_11_0","LIBXSLT_0_10_0","LIBXSLT_0_9_0","LIBXSLT_0_8_0","LIBXSLT_0_7_0","LIBXSLT_0_6_0","LIXSLT_0_5_0","LIBXSLT_0_4_0","LIBXSLT_0_3_0","LIBXSLT_0_1_0","LIBXSLT_0_0_0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5815.json","vanir_signatures":[{"digest":{"length":759,"function_hash":"58267735804317624405240029486999400972"},"signature_version":"v1","source":"https://gitlab.gnome.org/gnome/libxslt@08b62c25871b38d5d573515ca8a065b4b8f64f6b","signature_type":"Function","deprecated":false,"id":"CVE-2019-5815-399f649f","target":{"function":"xsltNumberFormatGetMultipleLevel","file":"libxslt/numbers.c"}},{"digest":{"threshold":0.9,"line_hashes":["121720564518429366641291202463225839172","24685127460263571936247646782717643229","17140965475988714864065158270243504223","305752983219681536054652204750215997789","139419900630184326391078436869775043110","104706079610682984731976192650452243643","5026437273560794736135464524907504731","263646805853350094167610632244628575181","18831493707583347485089361307806435585","260785505964487345388846799830291840431","158853023515645357103793845626837427159","138255477983206379544042872596889617079","290283910786655020603961732493049558642","324178972341121768885352774555288855514","64308914283566557511000697784438359228","122106523707428544146753691791688186482","115051089363332525015002388520553804873","323103419907046495026699174926942826142","68091106137491600054179544781643836062","130786102974232046291453120968924296821","222896585481638522902086517896722843426","174714327718535983361890062846145674676","322969905134869587311537886641872361740","247854087823649254323157748510415702620","176512172752846759211364823173823566547","3819706359862126055985208531481769551","212334800807507510107440757201563386611","64621679589398616835939926375960582819","272029451199441376148881609707942369978","225750015987555112511618487456361545941","103377669374303583804124221310618727352","57365682843322262260429330970148494609","147652567799686264894501354037494096783","193230284413898735481501990920659511125"]},"signature_version":"v1","source":"https://gitlab.gnome.org/gnome/libxslt@08b62c25871b38d5d573515ca8a065b4b8f64f6b","signature_type":"Line","deprecated":false,"id":"CVE-2019-5815-8dbb46c2","target":{"file":"libxslt/numbers.c"}}],"vanir_signatures_modified":"2026-05-18T14:17:29Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}