Unrated severityNVD Advisory· Published Nov 25, 2008· Updated Apr 23, 2026

CVE-2008-4225

Description

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

Affected products

Xmlsoft/Libxml
cpe:2.3:a:xmlsoft:libxml:2.7.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/32764nvdPatch
www.debian.org/security/2008/dsa-1666nvdPatch
www.securityfocus.com/bid/32331nvdPatch
admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10nvdPatch
admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9nvdPatch
secunia.com/advisories/32762nvdVendor Advisory
secunia.com/advisories/32766nvdVendor Advisory
secunia.com/advisories/32773nvdVendor Advisory
secunia.com/advisories/32802nvdVendor Advisory
secunia.com/advisories/32807nvdVendor Advisory
secunia.com/advisories/32811nvdVendor Advisory
lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlnvd
lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlnvd
secunia.com/advisories/32974nvd
secunia.com/advisories/33417nvd
secunia.com/advisories/33746nvd
secunia.com/advisories/33792nvd
secunia.com/advisories/34247nvd
secunia.com/advisories/35379nvd
secunia.com/advisories/36173nvd
secunia.com/advisories/36235nvd
security.gentoo.org/glsa/glsa-200812-06.xmlnvd
securitytracker.com/idnvd
slackware.com/security/viewer.phpnvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
support.apple.com/kb/HT3613nvd
support.apple.com/kb/HT3639nvd
support.avaya.com/elmodocs2/security/ASA-2009-002.htmnvd
support.avaya.com/elmodocs2/security/ASA-2009-067.htmnvd
wiki.rpath.com/Advisories:rPSA-2008-0325nvd
www.mandriva.com/security/advisoriesnvd
www.osvdb.org/49992nvd
www.redhat.com/support/errata/RHSA-2008-0988.htmlnvd
www.ubuntu.com/usn/usn-673-1nvd
www.vmware.com/security/advisories/VMSA-2009-0001.htmlnvd
www.vupen.com/english/advisories/2008/3176nvd
www.vupen.com/english/advisories/2009/0034nvd
www.vupen.com/english/advisories/2009/0301nvd
www.vupen.com/english/advisories/2009/0323nvd
www.vupen.com/english/advisories/2009/1522nvd
www.vupen.com/english/advisories/2009/1621nvd
bugzilla.redhat.com/show_bug.cginvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10025nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6234nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6415nvd
www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.htmlnvd
www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000