CVE-2008-3529

EPSS 56.6%

libxml2 - execution of arbitrary code

Published: 9/12/2008Modified: 4/28/2026

Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Affected packages (2)

Debian/libxml2from 0, < 2.6.32.dfsg-4
Debian/libxml2from 0, < 2.6.27.dfsg-5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-3529