CVE-2009-3627 — libhtml-parser-perl - denial of service

Description

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

How to fix CVE-2009-3627

To remediate CVE-2009-3627, upgrade the affected package to a fixed version below.

Debian/libhtml-parser-perl—upgrade to 3.64-1 or later
Debian/libhtml-parser-perl—upgrade to 3.55-1+etch1 or later

Is CVE-2009-3627 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.64-1
from 0, < 3.55-1+etch1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-3627