In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CREATE(Triage):(User=admin) [CVE-2019-18197|https://nvd.nist.gov/vuln/detail/CVE-2019-18197]