VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 12, 2008· Updated Apr 23, 2026

CVE-2008-3529

CVE-2008-3529

Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Affected products

14
  • Apple Inc./Safari
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    Range: <4.0
  • Xmlsoft/Libxml2
    cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
    Range: <2.7.0
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <3.0
  • Apple Inc./Mac Os X2 versions
    cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*range: <10.5.7
    • cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
  • Canonical/Ubuntu Linux8 versions
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

53

News mentions

0

No linked articles in our index yet.