Description
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Remediation
References
Related Vulnerabilities
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-29517)
Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6563)
Envoy Proxy Use After Free Vulnerability (CVE-2023-35943)
WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)