FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat2 -- buffer over-read and crash

Affected packages
expat2 < 2.0.1_1

Details

VuXML ID e9fca207-e399-11de-881e-001aa0166822
Discovery 2009-10-05
Entry 2009-12-08

CVE reports:

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c.

References

CVE Name CVE-2009-3560