Vulnerability Description
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
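The advisory describes a bug class rather than a reproducer: untrusted XPath text reaches libxml2's compiler and evaluator, and a malformed expression makes the library read memory it should not. Two things a practitioner wants here are a version check that understands both ways libxml2 reports its version, and a harness that pushes a corpus of broken expressions through the installed library under a sanitizer. The following is an added example written for this page, not code from the advisory, from libxml2 or from any of the vendors listed; it binds libxml2 through ctypes, the sample document and the malformed expressions are constructed for the example, and none of them is claimed to be the original CVE-2010-4008 trigger.

```python
"""Triage helpers for CVE-2010-4008 (added example; not libxml2's own code)."""
import ctypes
import ctypes.util

FIXED_IN = (2, 7, 8)  # libxml2 release that fixed the issue, per the advisory

# xmlParserOption flags from libxml/parser.h
XML_PARSE_NOERROR = 1 << 5
XML_PARSE_NOWARNING = 1 << 6
XML_PARSE_NONET = 1 << 11
PARSE_OPTS = XML_PARSE_NOERROR | XML_PARSE_NOWARNING | XML_PARSE_NONET

XPATH_NODESET = 1  # xmlXPathObjectType from libxml/xpath.h


def parse_libxml2_version(text):
    """Return (major, minor, micro) from "2.7.7", "2.7.6-21.el6" or "20707".

    libxml2 reports its version as a dotted string (xmllint --version,
    pkg-config --modversion libxml-2.0) and as a 5-digit MMmmp integer
    (LIBXML_VERSION, xmlParserVersion); both forms are accepted.
    """
    text = text.strip()
    if text.isdigit():
        n = int(text)
        return (n // 10000, (n // 100) % 100, n % 100)
    parts = []
    for chunk in text.split("."):
        digits = ""
        for ch in chunk:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError("unrecognised libxml2 version: %r" % text)
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def version_is_affected(text):
    """True when the upstream version number is below 2.7.8.

    Caveat: enterprise distributions backport fixes without bumping the
    version (RHSA-2013-0217 in the references covers RHEL 6, which ships
    2.7.6), so True means "check the vendor errata", not "vulnerable".
    """
    return parse_libxml2_version(text) < FIXED_IN


class _XPathObject(ctypes.Structure):
    # Leading fields of struct _xmlXPathObject; later fields are never read.
    _fields_ = [("type", ctypes.c_int), ("nodesetval", ctypes.c_void_p)]


class _NodeSet(ctypes.Structure):
    # struct _xmlNodeSet from libxml/xpath.h
    _fields_ = [("nodeNr", ctypes.c_int), ("nodeMax", ctypes.c_int),
                ("nodeTab", ctypes.c_void_p)]


def load_libxml2():
    """Bind the few libxml2 entry points the harness needs; None if absent."""
    name = ctypes.util.find_library("xml2")
    if name is None:
        return None
    lib = ctypes.CDLL(name)
    lib.xmlReadMemory.restype = ctypes.c_void_p
    lib.xmlReadMemory.argtypes = [ctypes.c_char_p, ctypes.c_int, ctypes.c_char_p,
                                  ctypes.c_char_p, ctypes.c_int]
    lib.xmlXPathNewContext.restype = ctypes.c_void_p
    lib.xmlXPathNewContext.argtypes = [ctypes.c_void_p]
    lib.xmlXPathEvalExpression.restype = ctypes.POINTER(_XPathObject)
    lib.xmlXPathEvalExpression.argtypes = [ctypes.c_char_p, ctypes.c_void_p]
    lib.xmlXPathFreeObject.argtypes = [ctypes.POINTER(_XPathObject)]
    lib.xmlXPathFreeContext.argtypes = [ctypes.c_void_p]
    lib.xmlFreeDoc.argtypes = [ctypes.c_void_p]
    return lib


def loaded_version(lib):
    """Version string of the libxml2 actually loaded ("20708" style), or None."""
    try:
        raw = ctypes.c_char_p.in_dll(lib, "xmlParserVersion").value
    except ValueError:
        return None
    return raw.decode() if raw else None


# Constructed sample document; the two <a> elements are the positive control.
SAMPLE_XML = b"<r xmlns:x='urn:x'><a/><b><a/></b></r>"

# Constructed, deliberately broken expressions exercising the compiler's
# error paths.  Not the original reproducer.
MALFORMED_XPATH = [
    b"//a[",              # unterminated predicate
    b"//a]",              # stray closing bracket (trailing characters)
    b"(//a",              # unbalanced parenthesis
    b"count(",            # unterminated function call
    b"//a | ",            # dangling union operator
    b"//a[position()=]",  # missing right operand
    b"//*[@",             # unterminated attribute test
    b"@",                 # bare attribute axis with no node test
]


def evaluate_xpath_corpus(xml_bytes, expressions, lib=None):
    """Evaluate each expression against xml_bytes with the loaded libxml2.

    Returns [(expression, outcome)]: "error" when the library rejected the
    expression (the right answer for malformed input), "nodeset:N" for a
    node-set, "type:T" otherwise; None when libxml2 is not loadable.  Run it
    under a sanitizer-built libxml2 so a silent out-of-bounds read is caught.
    """
    lib = lib or load_libxml2()
    if lib is None:
        return None
    doc = lib.xmlReadMemory(xml_bytes, len(xml_bytes), b"in.xml", None, PARSE_OPTS)
    if not doc:
        raise RuntimeError("sample document failed to parse")
    ctx = lib.xmlXPathNewContext(doc)
    results = []
    try:
        for expr in expressions:
            obj = lib.xmlXPathEvalExpression(expr, ctx)  # NULL on any XPath error
            if not obj:
                results.append((expr, "error"))
                continue
            if obj.contents.type == XPATH_NODESET:
                nodes = obj.contents.nodesetval
                count = (ctypes.cast(nodes, ctypes.POINTER(_NodeSet)).contents.nodeNr
                         if nodes else 0)
                results.append((expr, "nodeset:%d" % count))
            else:
                results.append((expr, "type:%d" % obj.contents.type))
            lib.xmlXPathFreeObject(obj)
    finally:
        lib.xmlXPathFreeContext(ctx)
        lib.xmlFreeDoc(doc)
    return results


if __name__ == "__main__":
    lib = load_libxml2()
    if lib is None:
        print("libxml2 not found by ctypes; only the version check is usable")
    else:
        v = loaded_version(lib)
        print("loaded libxml2 %s, below 2.7.8: %s"
              % (v, version_is_affected(v) if v else "unknown"))
        for expr, outcome in evaluate_xpath_corpus(SAMPLE_XML, [b"//a"] + MALFORMED_XPATH, lib):
            print("%-20r %s" % (expr, outcome))
```

libxml2 prints its own "XPath error" lines to stderr for every rejected expression; that noise is expected and is not a finding. A finding is a sanitizer report, a crash, or an expression the library accepts when it should not. Point `LD_LIBRARY_PATH` at a `-fsanitize=address` build of the exact libxml2 version under test so the harness exercises that build rather than the system copy.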
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Chrome | < 7.0.517.44 |
| Apple | iTunes | < 10.2 |
| Apple | Safari | < 5.0.4 |
| Apple | iPhone OS | < 4.2 |
| Apple | Mac OS X | < 10.6.7 |
| xmlsoft | libxml2 | < 2.7.8 |
| Debian | Debian Linux | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
| Red Hat | Enterprise Linux Desktop | 6.0 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Red Hat | Enterprise Linux Server EUS | 6.3 |
| Red Hat | Enterprise Linux Workstation | 6.0 |
| openSUSE | openSUSE | 11.1 |
| SUSE | SUSE Linux Enterprise Server | 10 |
| Apache | OpenOffice | >= 2.0.0, <= 2.4.3 |
Related Weaknesses (CWE)
References
- http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ (Broken Link)
- http://code.google.com/p/chromium/issues/detail?id=58731 (Exploit, Issue Tracking, Patch)
- http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html (Mailing List, Third Party Advisory)
- http://mail.gnome.org/archives/xml/2010-November/msg00015.html (Mailing List, Release Notes, Vendor Advisory)
- http://marc.info/?l=bugtraq&m=130331363227777&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=139447903326211&w=2 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0217.html (Third Party Advisory)
- http://secunia.com/advisories/40775 (Third Party Advisory)
- http://secunia.com/advisories/42109 (Third Party Advisory, Vendor Advisory)
- http://secunia.com/advisories/42175 (Third Party Advisory, Vendor Advisory)
FAQ
What is CVE-2010-4008?
CVE-2010-4008 is a vulnerability with a CVSS score of 4.3 (MEDIUM). libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. The attacker needs only to get a crafted document, or a crafted XPath expression, processed by an affected application; no authentication is involved.
How severe is CVE-2010-4008?
CVE-2010-4008 has been rated MEDIUM with a CVSS base score of 4.3/10. The documented impact is limited to a denial of service (application crash) caused by an invalid memory read; the advisory describes neither code execution nor information disclosure, which is why the score is moderate despite the bug being reachable from attacker-supplied input.
Is there a patch for CVE-2010-4008?
Yes. The issue was fixed upstream in libxml2 2.7.8 (see the libxml2 release announcement on the GNOME xml list in the references). Vendors shipped the fix in Google Chrome 7.0.517.44, Apple Safari 5.0.4, iTunes 10.2, iPhone OS 4.2 and Mac OS X 10.6.7, and in the Debian, Ubuntu, Red Hat (RHSA-2013-0217), openSUSE and SUSE updates listed in the references. Note that distribution packages may carry the fix as a backport without changing the 2.7.x version string, so on those systems check the vendor errata rather than the version number alone.