It was discovered that libxml2, the GNOME XML library, didn’t correctly
handle long entity names. This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.

CPENameOperatorVersion
libxml2eq2.6.27.dfsg-2
libxml2eq2.6.27.dfsg-3
libxml2eq2.6.27.dfsg-1
libxml2eq2.6.27.dfsg-4

Name	Operator	Version
libxml2	eq	2.6.27.dfsg-2
libxml2	eq	2.6.27.dfsg-3
libxml2	eq	2.6.27.dfsg-1
libxml2	eq	2.6.27.dfsg-4

References

www.debian.org/security/2008/dsa-1654

nessus 64

seebug 3

veracode 1

debian 1

openvas 44

oraclelinux 1

packetstorm 2

redhat 2

ubuntucve 1

exploitpack 1

checkpoint_advisories 1

securityvulns 5

prion 1

debiancve 1

centos 2

cve 1

exploitdb 1

ubuntu 2

freebsd 1

vmware 2

gentoo 1

nessus

Solaris 10 (x86) : 125732-12

2018-03-12 00:00:00

Debian DSA-1654-1 : libxml2 - buffer overflow

2008-10-15 00:00:00

Solaris 9 (x86) : 114015-28

2004-07-12 00:00:00

seebug

libxml XML实体名堆溢出漏洞

2008-09-22 00:00:00

Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC

2009-05-27 00:00:00

libxml XML实体名堆缓冲区溢出漏洞

2008-09-14 00:00:00

veracode

Denial Of Service (DoS)

2021-11-09 03:48:07

debian

[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code

2008-10-14 18:04:50

openvas

CentOS Update for libxml2 CESA-2008:0884 centos3 x86_64

2009-02-27 00:00:00

CentOS Update for libxml2 CESA-2008:0884 centos3 i386

2009-02-27 00:00:00

RedHat Update for libxml2 RHSA-2008:0884-01

2009-03-06 00:00:00

oraclelinux

libxml2 security update

2008-09-11 00:00:00

packetstorm

Safari RSS feed:// Buffer Overflow

2009-05-27 00:00:00

Netragard Security Advisory 2009-06-22

2009-06-23 00:00:00

redhat

(RHSA-2008:0884) Important: libxml2 security update

2008-09-11 00:00:00

(RHSA-2008:0886) Important: libxml2 security update

2008-09-11 00:00:00

ubuntucve

CVE-2008-3529

2008-09-12 00:00:00

exploitpack

Apple Safari - RSS feed: Buffer Overflow via libxml2 (PoC)

2009-05-26 00:00:00

checkpoint_advisories

Multiple Products libxml2 XML File Processing Entity Name Buffer Overflow (CVE-2008-3529)

2010-02-01 00:00:00

securityvulns

[Full-disclosure] [NETRAGARD SECURITY ADVISORY] [< Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622]

2009-06-22 00:00:00

[Full-disclosure] [NETRAGARD SECURITY ADVISORY] [< Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622]

2009-06-22 00:00:00

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

2009-06-21 00:00:00

prion

Heap overflow

2008-09-12 16:56:00

debiancve

CVE-2008-3529

2008-09-12 16:56:00

centos

libxml2 security update

2008-09-11 20:48:40

libxml2 security update

2008-09-12 01:23:56

cve

CVE-2008-3529

2008-09-12 16:56:00

exploitdb

Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)

2009-05-26 00:00:00

ubuntu

libxml2 vulnerabilities

2008-09-11 00:00:00

libxml2 vulnerabilities

2009-08-11 00:00:00

freebsd

libxml2 -- two vulnerabilities

2008-08-22 00:00:00

vmware

Updated ESX packages for libxml2, ucd-snmp, libtiff

2008-10-31 00:00:00

Updated ESX packages for libxml2, ucd-snmp, libtiff

2008-10-31 00:00:00

gentoo

libxml2: Multiple vulnerabilities

2008-12-02 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-1654-1