CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
88.4%
Drew Yao discovered that libxml2 did not correctly handle certain corrupt
XML documents. If a user or automated system were tricked into processing
a malicious XML document, a remote attacker could cause applications
linked against libxml2 to enter an infinite loop, leading to a denial
of service. (CVE-2008-4225)
Drew Yao discovered that libxml2 did not correctly handle large memory
allocations. If a user or automated system were tricked into processing a
very large XML document, a remote attacker could cause applications linked
against libxml2 to crash, leading to a denial of service. (CVE-2008-4226)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | libxml2 | <Β 2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libxml2 | <Β dbg-2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libxml2 | <Β dev-2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libxml2 | <Β udeb-2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libxml2 | <Β utils-2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | python-libxml2 | <Β 2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | python-libxml2 | <Β dbg-2.6.32.dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libxml2 | <Β 2.6.31.dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libxml2-dbg | <Β 2.6.31.dfsg-2ubuntu1.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | libxml2-dev | <Β 2.6.31.dfsg-2ubuntu1.3 | UNKNOWN |