CVE-2008-3529

EPSS 56.6%

libxml2 - execution of arbitrary code

發布日:2008/9/12修改日:2026/4/28

也稱為:DEBIAN-CVE-2008-3529

描述

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

受影響套件(2)

Debian/libxml2from 0, < 2.6.32.dfsg-4
Debian/libxml2from 0, < 2.6.27.dfsg-5

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-3529