Search for vulnerabilities
Vulnerability details: VCID-2pr1-tx7j-aaag
Vulnerability ID VCID-2pr1-tx7j-aaag
Aliases CVE-2008-3529
Summary Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122 Heap-based Buffer Overflow
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
rhas Important https://access.redhat.com/errata/RHSA-2008:0884
rhas Important https://access.redhat.com/errata/RHSA-2008:0886
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.36582 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.37742 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.42793 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.46053 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.46053 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.58863 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.83199 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85060 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85060 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85060 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.85636 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.86344 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.86344 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.86344 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.86344 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
generic_textual MODERATE http://secunia.com/advisories/31982
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2008-3529
cvssv3.1 7.5 http://xmlsoft.org/news.html
generic_textual HIGH http://xmlsoft.org/news.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3529.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3529
https://bugzilla.redhat.com/show_bug.cgi?id=461015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
http://secunia.com/advisories/31558
http://secunia.com/advisories/31855
http://secunia.com/advisories/31860
http://secunia.com/advisories/31868
http://secunia.com/advisories/31982
http://secunia.com/advisories/32265
http://secunia.com/advisories/32280
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/33715
http://secunia.com/advisories/33722
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1020855
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
https://usn.ubuntu.com/644-1/
https://www.exploit-db.com/exploits/8798
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1654
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.redhat.com/support/errata/RHSA-2008-0884.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://www.securityfocus.com/bid/31126
http://www.ubuntu.com/usn/USN-815-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2822
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://xmlsoft.org/news.html
498768 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498768
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2008-3529 https://nvd.nist.gov/vuln/detail/CVE-2008-3529
CVE-2008-3529;OSVDB-48158 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/8798.rb
GLSA-200812-06 https://security.gentoo.org/glsa/200812-06
RHSA-2008:0884 https://access.redhat.com/errata/RHSA-2008:0884
RHSA-2008:0886 https://access.redhat.com/errata/RHSA-2008:0886
USN-815-1 https://usn.ubuntu.com/815-1/
Data source Exploit-DB
Date added May 25, 2009
Description Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
Ransomware campaign use Known
Source publication date May 26, 2009
Exploit type dos
Platform windows
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-3529
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://xmlsoft.org/news.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96878
EPSS Score 0.36582
Published At April 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.