CVE-2010-4008

CVSSv2 base score: 4.3

Published: 17/11/2010 Updated: 04/06/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libxml2 prior to 2.7.8, as used in Google Chrome prior to 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations while processing malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. The CVSS vector above scores only an availability impact (A:P), but the Debian and Ubuntu advisories below treat the invalid read as potentially allowing arbitrary code execution; any consumer that evaluates attacker-supplied XPath (XSLT, XML Signature, configuration templating) should treat the bug accordingly.
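The practical first step is to compare what is installed against the fixed upstream versions named in the summary. The following is an added example, not code from Vulmon or the libxml2 project: `FIXED` holds only the two upstream thresholds the summary states (libxml2 2.7.8, Chrome 7.0.517.44), the version strings in the `__main__` section are constructed for illustration, and the function names are my own. The important caveat it encodes is that a distro package such as Debian lenny's `2.6.32.dfsg-5+lenny2` is numerically below 2.7.8 yet contains the backported fix, so a bare upstream comparison must not be the final word for vendor-patched builds.

```python
import re

# Upstream versions containing the fix, as given in the vulnerability summary.
FIXED = {
    "libxml2": "2.7.8",
    "google chrome": "7.0.517.44",
}


def version_key(version):
    """Return the leading dotted-numeric part of a version as a tuple of ints.

    Only the upstream portion is compared; a suffix such as '.dfsg-5+lenny2'
    or '-0ubuntu1' is ignored here, because distros backport fixes without
    bumping the upstream number.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(x) for x in m.group(1).split("."))


def has_distro_suffix(version):
    """True when anything other than digits and dots follows the version."""
    return bool(re.search(r"[^\d.]", version.strip()))


def is_below_upstream_fix(product, version):
    """True when the upstream part of `version` precedes the fixed release."""
    key = product.lower()
    if key not in FIXED:
        raise KeyError(f"no fixed version recorded for {product!r}")
    return version_key(version) < version_key(FIXED[key])


def assess(product, version):
    """Classify a version string for CVE-2010-4008.

    'fixed'            upstream version is at or past the fixed release
    'vulnerable'       plain upstream build older than the fixed release
    'check-advisory'   older upstream number but a distro suffix: the
                       distro's own advisory decides, not the number
    """
    if not is_below_upstream_fix(product, version):
        return "fixed"
    if has_distro_suffix(version):
        return "check-advisory"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    for product, version in [
        ("libxml2", "2.7.7"),
        ("libxml2", "2.7.8"),
        ("libxml2", "2.6.32.dfsg-5+lenny2"),   # lenny package named in DSA-2128
        ("google chrome", "7.0.517.41"),
        ("google chrome", "7.0.517.44"),
    ]:
        print(f"{product:14} {version:24} -> {assess(product, version)}")
```

On a host the version string would come from `pkg-config --modversion libxml-2.0`, `xml2-config --version`, or the package manager; for distro packages the `check-advisory` result means looking up the vendor advisory (DSA-2128, USN-1016-1, the RHSA entries listed below) rather than trusting the upstream number.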

Vulnerable Products

google chrome

apple itunes

apple safari

apple iphone os

apple mac os x

xmlsoft libxml2

debian debian linux 5.0

debian debian linux 6.0

canonical ubuntu linux 6.06

canonical ubuntu linux 8.04

canonical ubuntu linux 9.10

canonical ubuntu linux 10.04

canonical ubuntu linux 10.10

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux server eus 6.3

redhat enterprise linux workstation 6.0

opensuse opensuse 11.1

opensuse opensuse 11.2

opensuse opensuse 11.3

suse suse linux enterprise server 10

suse suse linux enterprise server 11

apache openoffice

Vendor Advisories

Debian Bug report logs - #602609 CVE-2010-4008: does not well process a malformed XPATH Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iuculano@debian.org> Date: S ...
libxml2 could be made to crash or run programs as your login if it opened a specially crafted file ...
Synopsis Important: libxml2 security update Type/Severity Security Advisory: Important Topic Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabi ...
Synopsis Low: libxml2 security and bug fix update Type/Severity Security Advisory: Low Topic Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Commo ...
Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not well process a malformed XPATH, causing crash and allowing arbitrary code execution. For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny2. For the testing (squeeze) and unstable (sid) distribution, this pro ...

References

CWE-119

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
http://secunia.com/advisories/42175
http://code.google.com/p/chromium/issues/detail?id=58731
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
http://secunia.com/advisories/42109
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
http://support.apple.com/kb/HT4456
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://www.debian.org/security/2010/dsa-2128
http://www.securityfocus.com/bid/44779
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
http://www.vupen.com/english/advisories/2010/3046
http://www.ubuntu.com/usn/USN-1016-1
http://secunia.com/advisories/42429
http://www.vupen.com/english/advisories/2010/3076
http://secunia.com/advisories/42314
http://www.vupen.com/english/advisories/2010/3100
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://www.vupen.com/english/advisories/2011/0230
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
http://support.apple.com/kb/HT4554
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://support.apple.com/kb/HT4566
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://support.apple.com/kb/HT4581
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://marc.info/?l=bugtraq&m=130331363227777&w=2
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/40775
http://marc.info/?l=bugtraq&m=139447903326211&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602609
https://usn.ubuntu.com/1016-1/
https://nvd.nist.gov