CVE-2010-4494


Description

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

References

http://code.google.com/p/chromium/issues/detail?id=63444

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/42472

http://secunia.com/advisories/42721

http://secunia.com/advisories/42762

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.debian.org/security/2010/dsa-2137

http://www.mandriva.com/security/advisories?name=MDVSA-2010:260

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.vupen.com/english/advisories/2010/3319

http://www.vupen.com/english/advisories/2010/3336

http://www.vupen.com/english/advisories/2011/0230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

Details

Source: MITRE

Published: 2010-12-07

Updated: 2020-07-31

Type: CWE-415

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (32 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75633 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0255-1) | Nessus | SuSE Local Security Checks | critical |
| 68721 | Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) | Nessus | Oracle Linux Local Security Checks | high |
| 64425 | Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) | Nessus | Scientific Linux Local Security Checks | high |
| 64391 | RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) | Nessus | Red Hat Local Security Checks | high |
| 64384 | CentOS 6 : mingw32-libxml2 (CESA-2013:0217) | Nessus | CentOS Local Security Checks | high |
| 61192 | Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 59966 | VMSA-2012-0012 : VMware ESXi update to third-party library | Nessus | VMware ESX Local Security Checks | high |
| 57022 | RHEL 6 : libxml2 (RHSA-2011:1749) | Nessus | Red Hat Local Security Checks | critical |
| 56660 | GLSA-201110-26 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 53766 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0255-1) | Nessus | SuSE Local Security Checks | critical |
| 53435 | Fedora 13 : libxml2-2.7.7-2.fc13 (2011-2699) | Nessus | Fedora Local Security Checks | critical |
| 53253 | SuSE 11.1 Security Update : libxml2 (SAT Patch Number 3775) | Nessus | SuSE Local Security Checks | critical |
| 53225 | Fedora 15 : libxml2-2.7.8-6.fc15 (2011-4214) | Nessus | Fedora Local Security Checks | critical |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 52645 | Fedora 14 : libxml2-2.7.7-3.fc14 (2011-2697) | Nessus | Fedora Local Security Checks | critical |
| 801013 | Safari < 5.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5814 | Apple iOS < 4.3 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
| 5813 | Safari < 5.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 52613 | Safari < 5.0.4 Multiple Vulnerabilities | Nessus | Windows | high |
| 52612 | Mac OS X : Apple Safari < 5.0.4 | Nessus | MacOS X Local Security Checks | high |
| 5806 | iTunes < 10.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 52535 | Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
| 52534 | Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
| 51793 | Mandriva Linux Security Advisory : libxml2 (MDVSA-2010:260) | Nessus | Mandriva Local Security Checks | critical |
| 5745 | OpenOffice < 3.3 Multiple Vulnerabilities | Nessus Network Monitor | Generic | high |
| 51773 | Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 51399 | Debian DSA-2137-1 : libxml2 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 800959 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5719 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 50977 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Nessus | Windows | high |