Vulnerability details: VCID-frd7-r2rj-s7c7
Vulnerability ID VCID-frd7-r2rj-s7c7
Aliases CVE-2008-3529
Summary Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3529.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
http://secunia.com/advisories/31558
http://secunia.com/advisories/31855
http://secunia.com/advisories/31860
http://secunia.com/advisories/31868
http://secunia.com/advisories/31982
http://secunia.com/advisories/32265
http://secunia.com/advisories/32280
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/33715
http://secunia.com/advisories/33722
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1020855
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
https://www.exploit-db.com/exploits/8798
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1654
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.redhat.com/support/errata/RHSA-2008-0884.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://www.securityfocus.com/bid/31126
http://www.ubuntu.com/usn/USN-815-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2822
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://xmlsoft.org/news.html
461015 https://bugzilla.redhat.com/show_bug.cgi?id=461015
498768 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498768
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2008-3529 https://nvd.nist.gov/vuln/detail/CVE-2008-3529
CVE-2008-3529;OSVDB-48158 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/8798.rb
GLSA-200812-06 https://security.gentoo.org/glsa/200812-06
RHSA-2008:0884 https://access.redhat.com/errata/RHSA-2008:0884
RHSA-2008:0886 https://access.redhat.com/errata/RHSA-2008:0886
USN-644-1 https://usn.ubuntu.com/644-1/
USN-815-1 https://usn.ubuntu.com/815-1/
Data source Exploit-DB
Date added May 25, 2009
Description Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
Ransomware campaign use Known
Source publication date May 26, 2009
Exploit type dos
Platform windows
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-3529
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.98108
EPSS Score 0.56626
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:39.640658+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200812-06 38.0.0