CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-4226

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile4.57th
Published2008年11月25日
Last Modified2026年4月23日

Vulnerability Description

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

Affected Platforms (CPE)

📦
Xmlsoft

Libxml

= 2.7.2

References & Advisories

🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
🔗 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
🔗 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
🔗 http://secunia.com/advisories/32762
🔗 http://secunia.com/advisories/32764
🔗 http://secunia.com/advisories/32766
🔗 http://secunia.com/advisories/32773

相关漏洞威胁

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-106729.8

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling t...

CVE-2015-88669.6

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_di...

CVE-2010-14159.3

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly ha...