CVE-2008-3529

libxml2 < 2.7.0 - Heap-Based Buffer Overflow via Long XML Entity Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3529. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This Ruby script exploits CVE-2008-3529, a buffer overflow in libxml2 via Safari RSS feed handling. It serves a malicious XML payload to trigger a crash (DoS) or potential code execution on vulnerable systems.

Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · rubydoswindows

https://www.exploit-db.com/exploits/8798

View Code ZIP pw:eip

This Ruby script exploits CVE-2008-3529, a buffer overflow in libxml2 via Safari RSS feed handling. It serves a malicious XML payload to trigger a crash (DoS) or potential code execution on vulnerable systems.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Safari (via PubSubAgent) and libxml2 (versions prior to fix)

No auth needed

Prerequisites: Vulnerable version of Safari or libxml2 · Network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (53)

Core 53

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-815-1

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/644-1/

Third Party Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT3639

Release Notes, Vendor Advisory x_refsource_misc

http://xmlsoft.org/news.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31860

Broken Link x_refsource_confirm

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32280

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31855

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1621

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45085

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT3549

Broken Link x_refsource_confirm

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32807

Broken Link, Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31982

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=461015

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31868

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1654

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1298

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35074

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8798

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36173

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0884.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1522

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1020855

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32265

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200812-06.xml

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33715

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35056

Broken Link x_refsource_confirm

http://wiki.rpath.com/Advisories:rPSA-2008-0325

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2009/May/msg00000.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31126

Third Party Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35379

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33722

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:192

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32974

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36235

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1297

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT3550

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31558

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT3613

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2822

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0886.html

Scores

EPSS 0.2337

EPSS Percentile 97.5%

Details

CWE

CWE-119

Status published

Products (12)

apple/iphone_os < 3.0

apple/mac_os_x 10.5.7

apple/mac_os_x < 10.5.7

apple/safari < 4.0

canonical/ubuntu_linux 6.06 (2 CPE variants)

canonical/ubuntu_linux 7.04

canonical/ubuntu_linux 7.10

canonical/ubuntu_linux 8.04 (2 CPE variants)

canonical/ubuntu_linux 8.10

canonical/ubuntu_linux 9.04

... and 2 more

Published Sep 12, 2008

Tracked Since Feb 18, 2026