Unrated severity · NVD Advisory · Published Oct 3, 2008 · Updated Jun 16, 2026
CVE-2008-4409
Description
libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document. This is a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
Affected products
- osv-coords, 2 versions:
  - pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/python-libxml2&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 2.9.4-1.22
- (no CPE) range: < 2.9.4-1.4
References
- bugzilla.gnome.org/show_bug.cgi (nvd, Exploit)
- lists.apple.com/archives/security-announce/2009/Jun/msg00005.html (nvd)
- lists.apple.com/archives/security-announce/2009/jun/msg00002.html (nvd)
- openwall.com/lists/oss-security/2008/10/02/4 (nvd)
- secunia.com/advisories/32130 (nvd)
- secunia.com/advisories/32175 (nvd)
- secunia.com/advisories/32974 (nvd)
- secunia.com/advisories/35379 (nvd)
- security.gentoo.org/glsa/glsa-200812-06.xml (nvd)
- support.apple.com/kb/HT3613 (nvd)
- support.apple.com/kb/HT3639 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/31555 (nvd)
- www.vupen.com/english/advisories/2009/1522 (nvd)
- www.vupen.com/english/advisories/2009/1621 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/45633 (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html (nvd)