This issue affects the versions of libxslt as shipped with Kylin Enterprise Linux 5, 6, 7 and 8. Kylin Product Security has rated this issue as having a security impact of Low.
Kylin Enterprise Linux 6 is now in the Maintenance Support 2 Phase of the support and maintenance life cycle. This issue has been rated as having a security impact of Low and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/.
For additional information, refer to the Issue Severity Classification: https://access.Kylin.com/security/updates/classification/.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
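The character/length mismatch described above, shown as an added example that is not libxslt's code: a simplified C model in which a multi-byte grouping character is stored once in a one-byte field and once in an int, then written into space reserved from its original byte length. All function names, the 0xAA sentinel standing in for uninitialized stack bytes, and the U+2009 sample input are assumptions made for illustration.

```c
/* Added illustration, not libxslt code; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* sentinel standing in for uninitialized stack bytes */
/* Decode one UTF-8 sequence of 1 to 3 bytes: returns code point, sets *len. */
static int utf8_decode(const unsigned char *s, int *len) {
    if (s[0] < 0x80) { *len = 1; return s[0]; }
    if ((s[0] & 0xE0) == 0xC0) { *len = 2; return ((s[0] & 0x1F) << 6) | (s[1] & 0x3F); }
    *len = 3;
    return ((s[0] & 0x0F) << 12) | ((s[1] & 0x3F) << 6) | (s[2] & 0x3F);
}
/* Encode a code point below U+10000 as UTF-8: returns bytes written. */
static int utf8_encode(unsigned char *out, int cp) {
    if (cp < 0x80) { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) { out[0] = 0xC0 | (cp >> 6); out[1] = 0x80 | (cp & 0x3F); return 2; }
    out[0] = 0xE0 | (cp >> 12); out[1] = 0x80 | ((cp >> 6) & 0x3F); out[2] = 0x80 | (cp & 0x3F);
    return 3;
}

/* Format digits right to left, grouping by 3. Each separator reserves sep_len
 * bytes, then sep is encoded into them. Returns reserved bytes never written. */
static int stale_bytes(const char *digits, int sep, int sep_len) {
    unsigned char buf[64], *p = buf + sizeof(buf);
    int n = (int)strlen(digits), stale = 0, g = 0;
    if (n > 12 || sep_len < 1 || sep_len > 3) return -1; /* keep the demo in bounds */
    memset(buf, STALE, sizeof(buf));
    for (int i = n - 1; i >= 0; i--, g++) {
        if (g == 3) { p -= sep_len; utf8_encode(p, sep); g = 0; }
        *--p = (unsigned char)digits[i];
    }
    for (; p < buf + sizeof(buf); p++) stale += (*p == STALE);
    return stale;
}

/* Narrow field, as in the flaw described: code point truncated, length kept. */
int narrow_stale(const unsigned char *sep_utf8) {
    int len; unsigned char ch = (unsigned char)utf8_decode(sep_utf8, &len);
    return stale_bytes("1234567", ch, len);
}
/* Field wide enough for any code point: character and length stay in step. */
int wide_stale(const unsigned char *sep_utf8) {
    int len, ch = utf8_decode(sep_utf8, &len);
    return stale_bytes("1234567", ch, len);
}
int main(void) {
    const unsigned char thin_space[] = "\xE2\x80\x89"; /* constructed input: U+2009 */
    printf("narrow: %d stale bytes, wide: %d\n", narrow_stale(thin_space), wide_stale(thin_space));
    return 0;
}
```

With the one-byte field, U+2009 truncates to 0x09 and encodes to one byte while three are reserved per separator, so two bytes per separator are emitted without ever being written.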