CVE-2008-3529

Publication date 12 September 2008

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libxml2	8.04 LTS hardy	Fixed 2.6.31.dfsg-2ubuntu1.2
	7.10 gutsy	Fixed 2.6.30.dfsg-2ubuntu1.3
	7.04 feisty	Fixed 2.6.27.dfsg-1ubuntu3.3
	6.06 LTS dapper	Fixed 2.6.24.dfsg-1ubuntu1.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-644-1
libxml2 vulnerabilities
11 September 2008

USN-815-1
libxml2 vulnerabilities
11 August 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3529