Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kg71-czqe-v7g5
Vulnerability ID VCID-kg71-czqe-v7g5
Aliases CVE-2008-3529
Summary Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Status Published
Exploitability 2.0
Weighted Severity 0.5
Risk 1.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
epss 0.56626 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
epss 0.56626 https://api.first.org/data/v1/epss?cve=CVE-2008-3529
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3529.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
461015 https://bugzilla.redhat.com/show_bug.cgi?id=461015
498768 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498768
CVE-2008-3529;OSVDB-48158 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/8798.rb
GLSA-200812-06 https://security.gentoo.org/glsa/200812-06
RHSA-2008:0884 https://access.redhat.com/errata/RHSA-2008:0884
RHSA-2008:0886 https://access.redhat.com/errata/RHSA-2008:0886
USN-644-1 https://usn.ubuntu.com/644-1/
USN-815-1 https://usn.ubuntu.com/815-1/
Data source Exploit-DB
Date added May 25, 2009
Description Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
Ransomware campaign use Known
Source publication date May 26, 2009
Exploit type dos
Platform windows
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98161
EPSS Score 0.56626
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:41:35.677929+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0