CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-3529

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0740%
EPSS Percentile8.94th
Published2008年9月12日
Last Modified2026年4月23日

Vulnerability Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Affected Platforms (CPE)

📦
Xmlsoft

Libxml2

< 2.7.0
💻
Debian

Debian Linux

= 4.0
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 7.04
💻
Canonical

Ubuntu Linux

= 7.10
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 8.10
💻
Canonical

Ubuntu Linux

= 9.04
📦
Apple

Safari

< 4.0
📦
Apple

Safari

>= 3.2.0 and < 3.2.3
💻
Apple

Iphone Os

< 3.0
💻
Apple

Mac Os X

< 10.5.7
💻
Apple

Mac Os X

= 10.5.7

References & Advisories

🔗 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
🔗 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
🔗 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
🔗 http://secunia.com/advisories/31558
🔗 http://secunia.com/advisories/31855
🔗 http://secunia.com/advisories/31860
🔗 http://secunia.com/advisories/31868

相關漏洞威脅

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73759.8

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst...

CVE-2017-169319.8

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReferen...