VYPR
Unrated severityNVD Advisory· Published Oct 29, 2009· Updated Jun 16, 2026

CVE-2009-3627

CVE-2009-3627

Description

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • cpe:2.3:a:derrick_oswald:html-parser:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:derrick_oswald:html-parser:*:*:*:*:*:*:*:*range: <=3.54
    • cpe:2.3:a:derrick_oswald:html-parser:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.41:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.42:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:derrick_oswald:html-parser:1.6:*:*:*:*:*:*:*
  • Range: <3.63

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.