Unrated severity · NVD Advisory · Published Oct 29, 2009 · Updated Jun 16, 2026
CVE-2009-3627
Description
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Affected products
- cpe:2.3:a:derrick_oswald:html-parser:*:*:*:*:*:*:*:* (range: <=3.54)
- cpe:2.3:a:derrick_oswald:html-parser:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:derrick_oswald:html-parser:1.6:*:*:*:*:*:*:*
- Range: <3.63
References
- www.openwall.com/lists/oss-security/2009/10/23/9 (nvd, Patch)
- www.securityfocus.com/bid/36807 (nvd, Patch)
- www.vupen.com/english/advisories/2009/3022 (nvd, Patch, Vendor Advisory)
- issues.apache.org/SpamAssassin/show_bug.cgi (nvd, Patch)
- secunia.com/advisories/37155 (nvd, Vendor Advisory)
- github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/53941 (nvd)