Integer Overflow Vulnerability in libxml2 Affects Multiple Vendors
CVE-2008-4225

Currently unrated

Key Information:

Vendor: Xmlsoft
Status: Libxml
Vendor: CVE Published:; 25 November 2008

What is CVE-2008-4225?

An integer overflow has been identified in the xmlBufferResize function of libxml2 version 2.7.2. This vulnerability can be exploited by context-dependent attackers through the submission of a large XML document, resulting in a denial of service condition characterized by an infinite loop. This flaw affects the stability and performance of applications utilizing the affected version of libxml2.

References

http://secunia.com/advisories/32766

third-party-advisoryx_refsource_SECUNIA

http://support.apple.com/kb/HT3639

x_refsource_CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2008
Vulnerability Reserved
Sep 24, 2008

Xmlsoft

What is CVE-2008-4225?

References

Timeline