Description
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| expat | fixed | 2.0.1-6 | | package |
| libxmltok | removed | | | package |
| libxmltok | ignored | | bookworm | package |
| mcabber | fixed | 0.10.0-1 | | package |
| mcabber | no-dsa | | lenny | package |
| w3c-libwww | removed | | | package |
| w3c-libwww | no-dsa | | etch | package |
| python-xml | removed | | | package |
| python-xml | no-dsa | | etch | package |
| python-xml | fixed | 0.8.4-10.1+lenny1 | lenny | package |
| python2.5 | fixed | 2.5.4-3.1 | | package |
| python2.4 | fixed | 2.4.4-3+etch3 | | package |
| python2.6 | fixed | 2.6.4-4 | | package |
| python-4suite | fixed | 1.0.2-7.2 | | package |
| python-4suite | no-dsa | | etch | package |
| python-4suite | no-dsa | | lenny | package |
| wxwindows2.4 | removed | | | package |
| wxwidgets2.6 | fixed | 2.6.3.2.2-4 | | package |
| wxwidgets2.8 | fixed | 2.8.10.1-2 | | package |
| audacity | fixed | 1.3.2-1 | | package |
| matanza | unfixed | | | package |
| tdom | fixed | 0.8.3~20080525-1 | | package |
| tdom | no-dsa | | etch | package |
| udunits | fixed | 2.1.8-4 | | package |
| ayttm | fixed | 0.6.1-2 | | package |
| ayttm | no-dsa | | etch | package |
| ayttm | no-dsa | | lenny | package |
| cableswig | removed | | | package |
| cadaver | unfixed | | | package |
| cmake | fixed | 2.6.0-6 | | package |
| coin3 | unfixed | | | package |
| gdcm | fixed | 2.0.14-2 | | package |
| ghostscript | fixed | 8.71~dfsg-2 | | package |
| gs-gpl | removed | | | package |
| grmonitor | removed | | | package |
| iceape | removed | | | package |
| insighttoolkit | fixed | 3.16.0-1 | | package |
| paraview | fixed | 3.6.2-1 | | package |
| poco | fixed | 1.3.6p1-1 | | package |
| simgear | fixed | 2.10.0-1 | | package |
| smart | fixed | 1.2-5.1 | | package |
| smart | no-dsa | | etch | package |
| smart | no-dsa | | lenny | package |
| tla | fixed | 1.3.5+dfsg-15 | | package |
| tla | fixed | 1.3.5+dfsg-14+lenny1 | lenny | package |
| xmlrpc-c | fixed | 1.06.27-1.1 | | package |
| xmlrpc-c | no-dsa | | etch | package |
| xmlrpc-c | no-dsa | | lenny | package |
| iceweasel | not-affected | | | package |
| kompozer | fixed | 1:0.8~b1-2 | | package |
| vxl | fixed | 1.13.0-2 | | package |
| xulrunner | unfixed | | | package |
| texlive-bin | not-affected | | | package |
| vnc4 | not-affected | | | package |
| xotcl | not-affected | | | package |
Related vulnerabilities
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the availability of protected information