CVE-2009-3720 PUBLISHED

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Risk Scores

EPSS Score: 1.54% (81.3th percentile)

Affected Products

Vendor                 Product         Versions
Ubuntu:16.04:LTS       insighttoolkit  3.20.1+git20120521-6build1, 0, 3.20.1+git20120521-6
Ubuntu:25.10           swish-e         2.4.7-6.3, 0, 2.4.7-7
Ubuntu:18.04:LTS       cadaver         0.23.3-2ubuntu3, 0
Ubuntu:20.04:LTS       matanza         0.13+ds2-1, 0, 0.13+ds1-6
Ubuntu:24.04:LTS       swish-e         2.4.7-6.2build1, 2.4.7-6.2build2, 2.4.7-6.2build3
Ubuntu:25.10           coin3           4.0.3+ds-2, 0
Ubuntu:20.04:LTS       coin3           4.0.0~CMake~6f54f1602475+ds1-3, 0, 4.0.0+ds-1build1
Ubuntu:25.10           matanza         0, 0.13+ds2-2
Ubuntu:20.04:LTS       swish-e         0, 2.4.7-6build2, 2.4.7-6build1
Ubuntu:22.04:LTS       swish-e         0, 2.4.7-6.1build1, 2.4.7-6.1
Ubuntu:Pro:16.04:LTS   coin3           3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1, 0, 3.1.4~abc9f50+dfsg1-1
Ubuntu:16.04:LTS       cadaver         0, 0.23.3-2ubuntu2
Ubuntu:25.10           sitecopy        0, 1:0.16.6-16, 1:0.16.6-16build1
Ubuntu:25.10           cadaver         0, 0.26+dfsg-2
Ubuntu:Pro:14.04:LTS   coin3           3.1.4~abc9f50-4, 3.1.4~abc9f50-4ubuntu2, 3.1.4~abc9f50-3
Ubuntu:22.04:LTS       matanza         0, 0.13+ds2-1
Ubuntu:22.04:LTS       coin3           0, 4.0.0+ds-1build1, 4.0.0+ds-2
Ubuntu:24.04:LTS       coin3           4.0.0+ds-5, 4.0.2+ds-1.1ubuntu2, 4.0.2+ds-1.1ubuntu1
Ubuntu:16.04:LTS       swish-e         0, 2.4.7-4, 2.4.7-4build1
Ubuntu:18.04:LTS       matanza         0.13+ds1-6, 0.13+ds1-5build1, 0

…and 8 more

Timeline

References