CVE-2009-3627

NameCVE-2009-3627
DescriptionThe decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1923-1
Debian Bugs552531

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libhtml-parser-perl (PTS)bullseye3.75-1fixed
bookworm3.81-1fixed
sid, trixie3.83-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libhtml-parser-perlsourceetch3.55-1+etch1DSA-1923-1
libhtml-parser-perlsourcelenny3.56-1+lenny1DSA-1923-1
libhtml-parser-perlsource(unstable)3.64-1552531

Notes

http://secunia.com/advisories/37155/
Search for package or bug name: Reporting problems