{"id":"UBUNTU-CVE-2009-3560","details":"The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.","modified":"2026-05-28T04:15:11.868560971Z","published":"2009-12-04T00:00:00Z","related":["USN-890-1","USN-890-2","USN-890-3","USN-890-4","USN-890-5","USN-890-6"],"upstream":["CVE-2009-3560"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2009-3560"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-3"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-4"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-5"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-890-6"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2009-3560"}],"affected":[{"package":{"name":"coin3","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/coin3?arch=source&distro=esm-infra-legacy%2Ftrusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.1.4~abc9f50-3","3.1.4~abc9f50-4","3.1.4~abc9f50-4ubuntu2","3.1.4~abc9f50-4ubuntu2+esm1","3.1.4~abc9f50-4ubuntu2+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"libcoin80","binary_version":"3.1.4~abc9f50-4ubuntu2+esm2"},{"binary_name":"libcoin80-runtime","binary_version":"3.1.4~abc9f50-4ubuntu2+esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"cableswig","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/cableswig?arch=source&distro=esm-apps-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.1.0+git20150808-1","0.1.0+git20150808-2","0.1.0+git20150808-2ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"cableswig","binary_version":"0.1.0+git20150808-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"coin3","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/coin3?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.1.4~abc9f50+dfsg1-1","3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1","3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"libcoin80-runtime","binary_version":"3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2"},{"binary_name":"libcoin80v5","binary_version":"3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds1-5"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds1-5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-4","2.4.7-4build1","2.4.7-4ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-4ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"coin3","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/coin3?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.1.4~abc9f50+dfsg1-2","3.1.4~abc9f50+dfsg2-1","3.1.4~abc9f50+dfsg3-1","3.1.4~abc9f50+dfsg3-2","3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"libcoin80-runtime","binary_version":"3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1"},{"binary_name":"libcoin80v5","binary_version":"3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds1-5build1","0.13+ds1-6"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds1-6"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-5ubuntu1","2.4.7-5ubuntu1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-5ubuntu1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds1-6","0.13+ds2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-6build1","2.4.7-6build2","2.4.7-6ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-6ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-6build3","2.4.7-6.1","2.4.7-6.1build1","2.4.7-6.1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-6.1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds2-1","0.13+ds2-1build1","0.13+ds2-1build2"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds2-1build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Fnoble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-6.2","2.4.7-6.2build1","2.4.7-6.2build2","2.4.7-6.2build3","2.4.7-6.2ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-6.2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds2-2"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds2-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"sitecopy","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/sitecopy?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.16.6-16","1:0.16.6-16build1"],"ecosystem_specific":{"binaries":[{"binary_name":"sitecopy","binary_version":"1:0.16.6-16build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-6.3","2.4.7-6.3build1","2.4.7-7"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"matanza","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/matanza?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13+ds2-2","0.13+ds2-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"matanza","binary_version":"0.13+ds2-2build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"paraview","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/paraview?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.13.2+dfsg-3","5.13.2+dfsg-3ubuntu1","5.13.2+dfsg-3.1","6.0.1+dfsg1-6ubuntu1","6.0.1+dfsg1-7"],"ecosystem_specific":{"binaries":[{"binary_name":"paraview","binary_version":"6.0.1+dfsg1-7"},{"binary_name":"python3-paraview","binary_version":"6.0.1+dfsg1-7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"sitecopy","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/sitecopy?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:0.16.6-16build1"],"ecosystem_specific":{"binaries":[{"binary_name":"sitecopy","binary_version":"1:0.16.6-16build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}},{"package":{"name":"swish-e","ecosystem":"Ubuntu:Pro:26.04:LTS","purl":"pkg:deb/ubuntu/swish-e?arch=source&distro=esm-apps%2Fresolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.7-7","2.4.7-7.1","2.4.7-7.1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"swish-e","binary_version":"2.4.7-7.1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-3560.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}