FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-HTML-Parser -- denial of service

Affected packages
p5-HTML-Parser < 3.63

Details

VuXML ID 68bda678-caab-11de-a97e-be89dfd1042e
Discovery 2009-10-23
Entry 2009-11-06

CVE reports:

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

References

Bugtraq ID 36807
CVE Name CVE-2009-3627
URL http://secunia.com/advisories/37155