CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: Nov 17, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-4008
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
google / chrome	-	7.0.517.44
apple / iphone_os	-	4.2
apple / mac_os_x	-	10.6.7
apple / itunes	-	10.2
apple / safari	-	5.0.4
xmlsoft / libxml2	-	2.7.8
debian / debian_linux	5.0	5.0.x
debian / debian_linux	6.0	6.0.x
canonical / ubuntu_linux	10.10	10.10.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	9.10	9.10.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_eus	6.3	6.3.x
opensuse / opensuse	11.1	11.1.x
opensuse / opensuse	11.2	11.2.x
opensuse / opensuse	11.3	11.3.x
suse / suse_linux_enterprise_server	11-sp1	11-sp1.x
suse / suse_linux_enterprise_server	11	11.x
suse / suse_linux_enterprise_server	10-sp3	10-sp3.x
apache / openoffice	2.0.0	2.4.3.x
apache / openoffice	3.0.0	3.3.0

Vulnerability Database

289,599

CVE-2010-4008