Detections
Analytics
CVE-2010-4008
critical
Description
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
http://www.ubuntu.com/usn/USN-1016-1
http://www.securityfocus.com/bid/44779
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
http://www.debian.org/security/2010/dsa-2128
http://support.apple.com/kb/HT4581
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4456
http://secunia.com/advisories/42429
http://secunia.com/advisories/42314
http://secunia.com/advisories/42175
http://secunia.com/advisories/42109
http://secunia.com/advisories/40775
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://marc.info/?l=bugtraq&m=139447903326211&w=2
http://marc.info/?l=bugtraq&m=130331363227777&w=2
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2010/3100
http://www.vupen.com/english/advisories/2010/3076
http://www.vupen.com/english/advisories/2010/3046
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html