DEBIAN-CVE-2009-3560

Description

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Affected Systems

• debian•audacity

  < 1.3.2-1 | < 1.3.2-1 | < 1.3.2-1 | < 1.3.2-1

• debian•cadaver

  all | all | all | all

• debian•cmake

  < 2.6.0-6 | < 2.6.0-6 | < 2.6.0-6 | < 2.6.0-6

• debian•coin3

  all | all | all | all | < 4.0.0~CMake~6f54f1602475+ds1-1 | < 4.0.0~CMake~6f54f1602475+ds1-1 | < 4.0.0~CMake~6f54f1602475+ds1-1 | < 4.0.0~CMake~6f54f1602475+ds1-1

• debian•expat

  < 2.0.1-6 | < 2.0.1-6 | < 2.0.1-6 | < 2.0.1-6

• debian•gdcm

  < 2.0.14-2 | < 2.0.14-2 | < 2.0.14-2 | < 2.0.14-2

• debian•ghostscript

  < 8.71~dfsg-2 | < 8.71~dfsg-2 | < 8.71~dfsg-2 | < 8.71~dfsg-2

• debian•libxmltok

  all | all

• debian•matanza

  all | all | all | all

• debian•mcabber

  < 0.10.0-1 | < 0.10.0-1 | < 0.10.0-1 | < 0.10.0-1

• debian•paraview

  < 3.6.2-1 | < 3.6.2-1 | < 3.6.2-1 | < 3.6.2-1

• debian•poco

  < 1.3.6p1-1 | < 1.3.6p1-1 | < 1.3.6p1-1 | < 1.3.6p1-1

• debian•simgear

  < 2.10.0-1 | < 2.10.0-1 | < 2.10.0-1 | < 2.10.0-1

• debian•tdom

  < 0.8.3~20080525-1 | < 0.8.3~20080525-1 | < 0.8.3~20080525-1 | < 0.8.3~20080525-1

• debian•tla

  < 1.3.5+dfsg-15 | < 1.3.5+dfsg-15

• debian•udunits

  < 2.1.8-4 | < 2.1.8-4 | < 2.1.8-4 | < 2.1.8-4

• debian•xmlrpc-c

  < 1.06.27-1.1 | < 1.06.27-1.1 | < 1.06.27-1.1 | < 1.06.27-1.1

References (1)

• https://security-tracker.debian.org/tracker/CVE-2009-3560