{"id":"AZL-43780","summary":"CVE-2009-3560 affecting package ogdi 4.1.0-9","details":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","modified":"2026-04-01T05:15:18.434196Z","published":"2009-12-04T21:30:00Z","upstream":["CVE-2009-3560"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3560"}],"affected":[{"package":{"name":"ogdi","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/ogdi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"4.1.0-9"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43780.json"}}],"schema_version":"1.7.5"}