CVE-2008-3529
libxml2 - execution of arbitrary code
EPSS 56.6%
Description
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
How to fix CVE-2008-3529
To remediate CVE-2008-3529, upgrade the affected package to a fixed version below.
- Debian/libxml2—upgrade to 2.6.32.dfsg-4 or later
- Debian/libxml2—upgrade to 2.6.27.dfsg-5 or later
Is CVE-2008-3529 being exploited?
Likely — EPSS is 56.6%, placing CVE-2008-3529 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 2.6.32.dfsg-4
- from 0, < 2.6.27.dfsg-5