CVE-2008-3529

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0740%

EPSS Percentile8.94th

PublishedSep 12, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Affected Platforms (CPE)

📦

Xmlsoft

Libxml2

< 2.7.0

💻

Debian

Debian Linux

= 4.0

💻

Canonical

Ubuntu Linux

= 6.06

💻

Canonical

Ubuntu Linux

= 6.06

💻

Canonical

Ubuntu Linux

= 7.04

💻

Canonical

Ubuntu Linux

= 7.10

💻

Canonical

Ubuntu Linux

= 8.04

💻

Canonical

Ubuntu Linux

= 8.04

💻

Canonical

Ubuntu Linux

= 8.10

💻

Canonical

Ubuntu Linux

= 9.04

📦

Apple

Safari

< 4.0

📦

Apple

Safari

>= 3.2.0 and < 3.2.3

💻

Apple

Iphone Os

< 3.0

💻

Apple

Mac Os X

< 10.5.7

💻

Apple

Mac Os X

= 10.5.7

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

🔗 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html

🔗 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

🔗 http://secunia.com/advisories/31558

🔗 http://secunia.com/advisories/31855

🔗 http://secunia.com/advisories/31860

🔗 http://secunia.com/advisories/31868

Vulnerability Description

Affected Platforms (CPE)

Libxml2

Debian Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Safari

Safari

Iphone Os

Mac Os X

Mac Os X

References & Advisories

Related Vulnerabilities