CVE-2008-3281

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.6.32 and earlier

Description The issue allows context-dependent attackers to cause a denial of service, consuming memory and CPU, via a crafted XML document. This is due to improper detection of recursion during entity expansion in an attribute value. Multiple vulnerabilities in the libxml2 package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For libxml2 versions 2.6.32 and earlier, update to a version later than 2.6.32 to resolve the issue. As a temporary workaround, consider restricting the processing of crafted XML documents to minimize the risk of exploitation.