ELA-185-1 libxslt security update

information disclosure

2019-10-27
Package libxslt
Version 1.1.26-14.1+deb7u7
Related CVEs CVE-2019-18197


A security vulnerability was discovered in libxslt, an XSLT 1.0 processing library written in C.

In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
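The bug class described above, as an added example that is not taken from libxslt or from this advisory: a simplified model in which a cached buffer pointer is not reset, the buffer's address is reused by a smaller allocation, and the stale cached size defeats the bounds check. All names (heap_slot, new_text, append_text, scenario) and the sample strings are hypothetical and constructed for illustration; the "heap" is a static array so the out-of-bounds write stays inside the model.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a stale cached pointer; not libxslt source, all names hypothetical. */
static char heap_slot[64];   /* one chunk that is "freed" and handed out again at the same address */

struct node { char *buf; size_t cap, len; };
struct ctx  { const char *last_buf; size_t last_cap, last_len; };  /* fast-path cache */

/* Start a text node in heap_slot. Only cacheable nodes refresh the cache. */
static void new_text(struct ctx *c, struct node *n, size_t cap, const char *s,
                     int cacheable, int fixed) {
    n->buf = heap_slot; n->cap = cap; n->len = strlen(s);
    memcpy(n->buf, s, n->len);
    if (cacheable) {
        c->last_buf = n->buf; c->last_cap = cap; c->last_len = n->len;
    } else if (fixed) {
        c->last_buf = NULL;           /* the reset the vulnerable path omits */
    }
}

/* Append s to n. Returns the number of bytes written past n->cap (0 means in bounds). */
static size_t append_text(struct ctx *c, struct node *n, const char *s) {
    size_t add = strlen(s);
    int hit = (n->buf == c->last_buf);           /* identity check trusts the cache */
    size_t cap = hit ? c->last_cap : n->cap;
    size_t len = hit ? c->last_len : n->len;
    if (len + add >= cap)
        return 0;                                /* real code would reallocate here */
    memcpy(n->buf + len, s, add);                /* stays inside heap_slot in this model */
    n->len = len + add;
    if (hit) c->last_len = n->len;
    return n->len > n->cap ? n->len - n->cap : 0;
}

/* Scenario: node A is cached, its chunk is released, node B reuses the address. */
static size_t scenario(int fixed) {
    struct ctx c = {0};
    struct node a, b;
    new_text(&c, &a, 48, "AAAAAAAAAAAAAAAAAAAA", 1, fixed);  /* 20 bytes, cached */
    new_text(&c, &b, 8, "BBBBB", 0, fixed);                  /* smaller, not cached */
    return append_text(&c, &b, "0123456789");
}

int main(void) {
    return (scenario(0) == 22 && scenario(1) == 0) ? 0 : 1;
}
```

In the unfixed run, node B ends up 22 bytes past its 8-byte capacity, and the bytes between its original 5-byte content and offset 20 are leftovers from node A, which is the disclosure half of the problem.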



For Debian 7 Wheezy, these problems have been fixed in version 1.1.26-14.1+deb7u7.

We recommend that you upgrade your libxslt packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.