← Back

CVE-2010-4008

nvd nist
Published: Nov 17, 2010Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Affected (25)

Products: Google: Chrome · Apple: Iphone Os, Itunes, Mac Os X, Safari · Xmlsoft: Libxml2 · +6 more
Show all products
Google: Chrome · Apple: Iphone Os, Itunes, Mac Os X, Safari · Xmlsoft: Libxml2 · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus, Enterprise Linux Workstation · Opensuse: Opensuse · Suse: Suse Linux Enterprise Server · Apache: Openoffice
Google
1 product
Chrome
Apple
4 products
Iphone Os
Itunes
Mac Os X
Safari
Xmlsoft
1 product
Libxml2
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Redhat
4 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Server Eus
Enterprise Linux Workstation
Opensuse
1 product
Opensuse
Suse
1 product
Suse Linux Enterprise Server
Apache
1 product
Openoffice
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Chrome
Before 7.0.517.44
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Before 4.2
Itunes
Before 10.2
Mac Os X
Before 10.6.7
Safari
Before 5.0.4
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Libxml2
Before 2.7.8
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 5.0
Debian Linux
Version 6.0
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 10.10
Ubuntu Linux
Version 6.06
Ubuntu Linux
Version 8.04
Ubuntu Linux
Version 9.10
Configuration F
4 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Server Eus
Version 6.3
Enterprise Linux Workstation
Version 6.0
Configuration G
6 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Opensuse
Version 11.1
Opensuse
Version 11.2
Opensuse
Version 11.3
Suse
Suse Linux Enterprise Server
Version 10 sp3
Suse Linux Enterprise Server
Version 11
Suse Linux Enterprise Server
Version 11 sp1
Configuration H
2 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Openoffice
From 2.0.0 to 2.4.3
Openoffice
From 3.0.0 to 3.3.0

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (64)

Source: product-security@apple.com
Broken Link
Source: product-security@apple.com
ExploitIssue TrackingPatchVendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Mailing ListRelease NotesVendor Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party AdvisoryVendor Advisory
Source: product-security@apple.com
Third Party AdvisoryVendor Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Permissions Required
Source: product-security@apple.com
Permissions Required
Source: product-security@apple.com
Permissions Required
Source: product-security@apple.com
Permissions Required
Source: product-security@apple.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListRelease NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.