Description
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.