In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn’t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197)
Impact
This vulnerability may lead to referencing memory after it has been freed and can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.