CVE-2010-4494

Published: 07/12/2010 Updated: 31/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome prior to 8.0.552.215 and other products, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Vulnerable Product

google chrome

xmlsoft libxml2

apple itunes

apple safari

apple iphone os

apple mac os x

opensuse opensuse 11.2

opensuse opensuse 11.3

suse suse linux enterprise server 11

fedoraproject fedora 14

redhat enterprise linux desktop 6.0

redhat enterprise linux eus 6.3

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

debian debian linux 5.0

debian debian linux 6.0

hp insight control server deployment

hp rapid deployment pack

apache openoffice

Vendor Advisories

Synopsis: Low: libxml2 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated libxml2 packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Commo ...

Debian Bug report logs - #607922 CVE-2010-4494: memory corruption (double-free) in XPath processing code. Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <iuculano@debian ...

Debian Bug report logs - #643648 CVE-2011-2834 and CVE-2011-2821. Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <iuculano@debian.org> Date: Wed, 28 Sep 2011 10:57:1 ...

Yang Dingning discovered a double free in libxml's Xpath processing, which might allow the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 2.7.8.dfs ...

References

CWE-415

http://code.google.com/p/chromium/issues/detail?id=63444
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
http://secunia.com/advisories/42762
http://www.mandriva.com/security/advisories?name=MDVSA-2010:260
http://secunia.com/advisories/42721
http://www.vupen.com/english/advisories/2010/3336
http://www.vupen.com/english/advisories/2010/3319
http://www.debian.org/security/2010/dsa-2137
http://www.vupen.com/english/advisories/2011/0230
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
http://support.apple.com/kb/HT4554
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4566
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://support.apple.com/kb/HT4581
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/42472
http://secunia.com/advisories/40775
http://marc.info/?l=bugtraq&m=139447903326211&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916
https://access.redhat.com/errata/RHSA-2011:1749
https://nvd.nist.gov
https://www.debian.org/security/./dsa-2137