The decode_entities function in util.c in HTML-Parser prior to 3.63 allows context-dependent malicious users to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Vulnerable Product |
---|
derrick oswald html-parser 1.2 |
derrick oswald html-parser 1.3 |
derrick oswald html-parser 1.00 |
derrick oswald html-parser 1.1 |
derrick oswald html-parser 1.6 |
derrick oswald html-parser |
derrick oswald html-parser 1.42 |
derrick oswald html-parser 1.5 |
derrick oswald html-parser 1.4 |
derrick oswald html-parser 1.41 |