Integer Overflow Vulnerability in libxml2 Affects Various Software Products
CVE-2008-4226

Currently unrated

Key Information:

Vendor: Xmlsoft
Status: Libxml
Vendor: CVE Published:; 25 November 2008

What is CVE-2008-4226?

The vulnerability identified in libxml2 version 2.7.2 arises from an integer overflow in the xmlSAX2Characters function, which can be exploited by attackers through the submission of a specially crafted large XML document. This could potentially lead to memory corruption, culminating in denial of service scenarios or even allowing the execution of arbitrary code within the application's running context.

References

http://secunia.com/advisories/32766

third-party-advisoryx_refsource_SECUNIA

http://support.apple.com/kb/HT3639

x_refsource_CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2008
Vulnerability Reserved
Sep 24, 2008

Xmlsoft

What is CVE-2008-4226?

References

Timeline