CVE-2009-3560 PUBLISHED

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

EPSS 3.01% · 86.9th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | swish-e | 2.4.7-5ubuntu1, 0 |
| Ubuntu:20.04:LTS | swish-e | 2.4.7-6build1, 2.4.7-6build2, 0 |
| Ubuntu:18.04:LTS | matanza | 0.13+ds1-6, 0, 0.13+ds1-5build1 |
| Ubuntu:22.04:LTS | matanza | 0.13+ds2-1, 0 |
| Ubuntu:25.10 | sitecopy | 1:0.16.6-16build1, 1:0.16.6-16, 0 |
| Ubuntu:16.04:LTS | swish-e | 2.4.7-4build1, 2.4.7-4, 0 |
| Ubuntu:24.04:LTS | matanza | *, 0.13+ds2-1build1, 0.13+ds2-1build2 |
| Ubuntu:22.04:LTS | swish-e | 0, 2.4.7-6.1build1, 2.4.7-6build3 |
| Ubuntu:16.04:LTS | matanza | 0.13+ds1-5, 0 |
| Ubuntu:18.04:LTS | coin3 | 3.1.4~abc9f50+dfsg3-2, 3.1.4~abc9f50+dfsg3-1, 3.1.4~abc9f50+dfsg2-1 |
| Ubuntu:20.04:LTS | matanza | 0, 0.13+ds1-6, 0.13+ds2-1 |
| Ubuntu:Pro:16.04:LTS | coin3 | *, 3.1.4~abc9f50+dfsg1-1, 0 |
| Ubuntu:16.04:LTS | cableswig | 0, *, * |
| Ubuntu:Pro:14.04:LTS | coin3 | 0, 3.1.4~abc9f50-4, 3.1.4~abc9f50-4ubuntu2 |
| Ubuntu:25.10 | swish-e | 0, 2.4.7-6.3build1, 2.4.7-7 |
| Ubuntu:24.04:LTS | swish-e | 2.4.7-6.2build1, 0, 2.4.7-6.2build3 |
| Ubuntu:25.10 | matanza | 0, 0.13+ds2-2 |

Timeline

  • Dec 4, 2009 CVE Published
  • Feb 14, 2016 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 21, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 26, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 1, 2025 EPSS Score
  • Apr 2, 2025 EPSS Score