CVE-2010-4008

Google Chrome < 7.0.517.44 - Memory Corruption

Description

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

References (32)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40775
Third Party Advisory, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42175
Mailing List, Release Notes, Vendor Advisory mailing-list x_refsource_mlist
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130331363227777&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44779
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0230
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3046
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0217.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1016-1
Third Party Advisory, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42109
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1749.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3100
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42314
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4554
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2128
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3076
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4456
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=58731
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=139447903326211&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42429
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581

Scores

EPSS 0.0076
EPSS Percentile 73.5%

Details

CWE
CWE-119
Status published
Products (23)
apache/openoffice 2.0.0 - 2.4.3
apple/iphone_os < 4.2
apple/itunes < 10.2
apple/mac_os_x < 10.6.7
apple/safari < 5.0.4
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
... and 13 more
Published Nov 17, 2010
Tracked Since Feb 18, 2026