AZL-43780

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43780.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-43780

Upstream

CVE-2009-3560

Published

2009-12-04T21:30:00Z

Modified

2026-04-01T05:15:18.434196Z

Summary

CVE-2009-3560 affecting package ogdi 4.1.0-9

Details

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

References

https://nvd.nist.gov/vuln/detail/CVE-2009-3560

Affected packages

Azure Linux:2 / ogdi

Package

Name: ogdi
Purl: pkg:rpm/azure-linux/ogdi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.1.0-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43780.json"