CVE-2008-4409

Publication date 3 October 2008

Last updated 24 July 2024

libxml2 2.7.0 and 2.7.1 does not properly handle “predefined entities definitions” in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libxml2	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-4409