CVE-2009-2625: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20…

medium5CVSS 3.1

AVNACLAuNCNINAP

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

Affected

71 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	http_server	>= 2.0.35 < 2.0.64	2.0.64
apache	http_server	>= 2.2.0 < 2.2.17	2.2.17
apache	xerces2_java	—	—
artifex	ghostscript	>= 0 < 8.71~dfsg-2	8.71~dfsg-2
artifex	ghostscript	>= 0 < 8.71~dfsg-2	8.71~dfsg-2
artifex	ghostscript	>= 0 < 8.71~dfsg-2	8.71~dfsg-2
artifex	ghostscript	>= 0 < 8.71~dfsg-2	8.71~dfsg-2
audacityteam	audacity	>= 0 < 1.3.2-1	1.3.2-1
audacityteam	audacity	>= 0 < 1.3.2-1	1.3.2-1
audacityteam	audacity	>= 0 < 1.3.2-1	1.3.2-1
audacityteam	audacity	>= 0 < 1.3.2-1	1.3.2-1
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	audacity	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	cadaver	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	cmake	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	coin3	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	expat	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	gdcm	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)
debian	ghostscript	< audacity 1.3.2-1 (bookworm)	audacity 1.3.2-1 (bookworm)

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

osv5.0MEDIUM