The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-1953-1 | New expat packages fix denial of service |
![]() |
DSA-1953-2 | New expat packages fix regression |
![]() |
DSA-1977-1 | New python packages fix several vulnerabilities |
![]() |
EUVD-2009-3541 | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. |
![]() |
USN-890-1 | Expat vulnerabilities |
![]() |
USN-890-2 | Python 2.5 vulnerabilities |
![]() |
USN-890-3 | Python 2.4 vulnerabilities |
![]() |
USN-890-4 | PyXML vulnerabilities |
![]() |
USN-890-5 | XML-RPC for C and C++ vulnerabilities |
![]() |
USN-890-6 | CMake vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sun, 13 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-07T06:31:10.684Z
Reserved: 2009-10-05T00:00:00
Link: CVE-2009-3560

No data.

Status : Deferred
Published: 2009-12-04T21:30:00.500
Modified: 2025-04-09T00:30:58.490
Link: CVE-2009-3560


No data.