Vulnerability Description
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Chrome | < 8.0.552.215 |
| Xmlsoft | libxml2 | <= 2.7.8 |
| Apple | iTunes | < 10.2 |
| Apple | Safari | < 5.0.4 |
| Apple | iPhone OS | < 4.3.0 |
| Apple | Mac OS X | < 10.6.7 |
| openSUSE | openSUSE | 11.2 |
| SUSE | SUSE Linux Enterprise Server | 11 |
| Fedora Project | Fedora | 14 |
| Red Hat | Enterprise Linux Desktop | 6.0 |
| Red Hat | Enterprise Linux EUS | 6.3 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Red Hat | Enterprise Linux Workstation | 6.0 |
| Debian | Debian Linux | 5.0 |
| HP | Insight Control Server Deployment | All versions |
| HP | Rapid Deployment Pack | All versions |
| Apache | OpenOffice | >= 2.1.0, <= 2.4.3 |
Related Weaknesses (CWE)
References
- http://code.google.com/p/chromium/issues/detail?id=63444 (Exploit, Issue Tracking, Patch)
- http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.htm (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html (Mailing List, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=139447903326211&w=2 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0217.html (Third Party Advisory)
- http://secunia.com/advisories/40775 (Third Party Advisory)
- http://secunia.com/advisories/42472 (Third Party Advisory)
- http://secunia.com/advisories/42721 (Third Party Advisory)
- http://secunia.com/advisories/42762 (Third Party Advisory)
- http://support.apple.com/kb/HT4554 (Third Party Advisory)
FAQ
What is CVE-2010-4494?
CVE-2010-4494 is a vulnerability with a CVSS score of 7.5 (HIGH). Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have uns...
How severe is CVE-2010-4494?
CVE-2010-4494 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4494?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Xmlsoft libxml2, Apple iTunes, Apple Safari, Apple iPhone OS.