CVE-2008-3529

2008-09-1216:56:00

Debian Security Bug Tracker

security-tracker.debian.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

OSVersionArchitecturePackageVersionFilename
Debian12alllibxml2< 2.6.32.dfsg-4libxml2_2.6.32.dfsg-4_all.deb
Debian11alllibxml2< 2.6.32.dfsg-4libxml2_2.6.32.dfsg-4_all.deb
Debian10alllibxml2< 2.6.32.dfsg-4libxml2_2.6.32.dfsg-4_all.deb
Debian999alllibxml2< 2.6.32.dfsg-4libxml2_2.6.32.dfsg-4_all.deb
Debian13alllibxml2< 2.6.32.dfsg-4libxml2_2.6.32.dfsg-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libxml2	< 2.6.32.dfsg-4	libxml2_2.6.32.dfsg-4_all.deb
Debian	11	all	libxml2	< 2.6.32.dfsg-4	libxml2_2.6.32.dfsg-4_all.deb
Debian	10	all	libxml2	< 2.6.32.dfsg-4	libxml2_2.6.32.dfsg-4_all.deb
Debian	999	all	libxml2	< 2.6.32.dfsg-4	libxml2_2.6.32.dfsg-4_all.deb
Debian	13	all	libxml2	< 2.6.32.dfsg-4	libxml2_2.6.32.dfsg-4_all.deb