Derrick Oswald » Html-parser : Security Vulnerabilities, CVEs, CVSS score >= 2
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Max CVSS
4.3
EPSS Score
0.22%
Published
2009-10-29
Updated
2017-08-17
1 vulnerabilities found