CVE-2010-4494

HIGH

Description

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

References

http://code.google.com/p/chromium/issues/detail?id=63444

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/42472

http://secunia.com/advisories/42721

http://secunia.com/advisories/42762

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.debian.org/security/2010/dsa-2137

http://www.mandriva.com/security/advisories?name=MDVSA-2010:260

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.vupen.com/english/advisories/2010/3319

http://www.vupen.com/english/advisories/2010/3336

http://www.vupen.com/english/advisories/2011/0230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

Details

Source: MITRE

Published: 2010-12-07

Updated: 2020-07-31

Type: CWE-415

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
75633 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0255-1) | Nessus | SuSE Local Security Checks | critical
68721 | Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) | Nessus | Oracle Linux Local Security Checks | high
64425 | Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) | Nessus | Scientific Linux Local Security Checks | high
64391 | RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) | Nessus | Red Hat Local Security Checks | high
64384 | CentOS 6 : mingw32-libxml2 (CESA-2013:0217) | Nessus | CentOS Local Security Checks | high
61192 | Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
59966 | VMSA-2012-0012 : VMware ESXi update to third-party library | Nessus | VMware ESX Local Security Checks | high
57022 | RHEL 6 : libxml2 (RHSA-2011:1749) | Nessus | Red Hat Local Security Checks | critical
56660 | GLSA-201110-26 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
53766 | openSUSE Security Update : libxml2 (openSUSE-SU-2011:0255-1) | Nessus | SuSE Local Security Checks | critical
53435 | Fedora 13 : libxml2-2.7.7-2.fc13 (2011-2699) | Nessus | Fedora Local Security Checks | critical
53253 | SuSE 11.1 Security Update : libxml2 (SAT Patch Number 3775) | Nessus | SuSE Local Security Checks | critical
53225 | Fedora 15 : libxml2-2.7.8-6.fc15 (2011-4214) | Nessus | Fedora Local Security Checks | critical
52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high
800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high
5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
52645 | Fedora 14 : libxml2-2.7.7-3.fc14 (2011-2697) | Nessus | Fedora Local Security Checks | critical
801013 | Safari < 5.0.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
5814 | Apple iOS < 4.3 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical
5813 | Safari < 5.0.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
52613 | Safari < 5.0.4 Multiple Vulnerabilities | Nessus | Windows | high
52612 | Mac OS X : Apple Safari < 5.0.4 | Nessus | MacOS X Local Security Checks | high
5806 | iTunes < 10.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
52535 | Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high
52534 | Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high
51793 | Mandriva Linux Security Advisory : libxml2 (MDVSA-2010:260) | Nessus | Mandriva Local Security Checks | critical
5745 | OpenOffice < 3.3 Multiple Vulnerabilities | Nessus Network Monitor | Generic | high
51773 | Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities | Nessus | Windows | high
51399 | Debian DSA-2137-1 : libxml2 - several vulnerabilities | Nessus | Debian Local Security Checks | critical
800959 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
5719 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium
50977 | Google Chrome < 8.0.552.215 Multiple Vulnerabilities | Nessus | Windows | high