libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
{ "vanir_signatures": [ { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "function_hash": "302416921412859415376096746446527180075", "length": 1645.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2019-11068-0db44094", "signature_version": "v1", "target": { "function": "xsltParseStylesheetImport", "file": "libxslt/imports.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "line_hashes": [ "140032315845821796802752775307963626919", "213217011618512885795834152198975711490", "226116215600954996150777246084535115480", "186212241064506231879703455046072025342", "286563214419529547555945137053722022774", "326546873208965902369979429190161724601", "316688534615298657799450951185100178784" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2019-11068-154d8152", "signature_version": "v1", "target": { "file": "libxslt/xslt.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "line_hashes": [ "85197162534367973800327175405805729261", "242322063007795290270019507664519251725", "143940344313547574587645136104783274540", "228787933629541537163197103905468215159", "179265513524088567783138913366521859924", "110056734750921969617038576298525954929", "310569582871120465384699988241425545575" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2019-11068-3064eeb4", "signature_version": "v1", "target": { "file": "libxslt/imports.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "line_hashes": [ "314011119010095647014477432094708461628", "16267224672623018506906692486928113128", "62092043479254313971681097274583898857", "125016796470570232654018743904308459162", "217218303520523696049496046179453405816", "170373645481298204357515116471410137281", "241154543692016859613236090630400963155", "186742267024944420359121909199236615256", "17902529306953328973111081281617669624", "82612625329044732956509656205848245461", "145558063285484301343146595397148944961", "268905623376274552184164890426168339579", "278265835298245213571320986700743344857", "241154543692016859613236090630400963155" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2019-11068-4acbe75f", "signature_version": "v1", "target": { "file": "libxslt/documents.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "function_hash": "209985456054976489622231891923134047522", "length": 778.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2019-11068-6c4af62f", "signature_version": "v1", "target": { "function": "xsltLoadStyleDocument", "file": "libxslt/documents.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "line_hashes": [ "90387017709684578344532056308518715629", "169296172446583580066508587657545684622", "129557452112480492416004573798242511670", "264518243095327234110828047005224829200", "161915831349098538764366124637545373781", "173532098141804122581359035813162260735", "25220346494832457339677042270878882370" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2019-11068-8fc6981e", "signature_version": "v1", "target": { "file": "libxslt/transform.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "function_hash": "250888866097497092461426752487096200325", "length": 10469.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2019-11068-a932385c", "signature_version": "v1", "target": { "function": "xsltDocumentElem", "file": "libxslt/transform.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "function_hash": "23362803898696358080868369925092806868", "length": 806.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2019-11068-f264928b", "signature_version": "v1", "target": { "function": "xsltParseStylesheetFile", "file": "libxslt/xslt.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxslt@e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "digest": { "function_hash": "180039127365859454326425206242842232800", "length": 1200.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2019-11068-f98af468", "signature_version": "v1", "target": { "function": "xsltLoadDocument", "file": "libxslt/documents.c" } } ] }