CVE-2008-4409
Published: Oct 3, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| http://support.apple.com/kb/HT3639 | | x_refsource_CONFIRM |
| ADV-2009-1621 | vdb-entry | x_refsource_VUPEN |
| APPLE-SA-2009-06-08-1 | vendor-advisory | x_refsource_APPLE |
| FEDORA-2008-8575 | vendor-advisory | x_refsource_FEDORA |
| ADV-2009-1522 | vdb-entry | x_refsource_VUPEN |
| GLSA-200812-06 | vendor-advisory | x_refsource_GENTOO |
| APPLE-SA-2009-06-17-1 | vendor-advisory | x_refsource_APPLE |
| [oss-security] 20081002 libxml2 "ampproblem" DoS | mailing-list | x_refsource_MLIST |
| 32130 | third-party-advisory | x_refsource_SECUNIA |
| MDVSA-2008:212 | vendor-advisory | x_refsource_MANDRIVA |
| 35379 | third-party-advisory | x_refsource_SECUNIA |
| 31555 | vdb-entry | x_refsource_BID |
| FEDORA-2008-8582 | vendor-advisory | x_refsource_FEDORA |
| 32974 | third-party-advisory | x_refsource_SECUNIA |
| 32175 | third-party-advisory | x_refsource_SECUNIA |
| http://support.apple.com/kb/HT3613 | | x_refsource_CONFIRM |
| libxml2-xml-file-dos(45633) | vdb-entry | x_refsource_XF |
| http://bugzilla.gnome.org/show_bug.cgi?id=554660 | | x_refsource_CONFIRM |