Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rbdy-dm61-jkdw
Vulnerability ID VCID-rbdy-dm61-jkdw
Aliases CVE-2008-4409
Summary Multiple vulnerabilities in libxml2 might lead to execution of arbitrary code or Denial of Service.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-399 Resource Management Errors
System Score Found at
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
epss 0.11297 https://api.first.org/data/v1/epss?cve=CVE-2008-4409
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-4409
Reference id Reference type URL
http://bugzilla.gnome.org/show_bug.cgi?id=554660
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://openwall.com/lists/oss-security/2008/10/02/4
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4409.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4409
http://secunia.com/advisories/32130
http://secunia.com/advisories/32175
http://secunia.com/advisories/32974
http://secunia.com/advisories/35379
http://security.gentoo.org/glsa/glsa-200812-06.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/45633
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:212
http://www.securityfocus.com/bid/31555
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
465756 https://bugzilla.redhat.com/show_bug.cgi?id=465756
cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
CVE-2008-4409 https://nvd.nist.gov/vuln/detail/CVE-2008-4409
CVE-2008-4409;OSVDB-48754 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/32454.xml
CVE-2008-4409;OSVDB-48754 Exploit https://www.securityfocus.com/bid/31555/info
GLSA-200812-06 https://security.gentoo.org/glsa/200812-06
Data source Exploit-DB
Date added Oct. 2, 2008
Description libxml2 - Denial of Service
Ransomware campaign use Known
Source publication date Oct. 2, 2008
Exploit type dos
Platform unix
Source update date March 23, 2014
Source URL https://www.securityfocus.com/bid/31555/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4409
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93494
EPSS Score 0.11297
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:03:39.650090+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200812-06 38.0.0