CVE-2010-4494
published 2010-12-07CVE-2010-4494: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openoffice | 2.1.0 – 2.4.3 | — |
| apache | openoffice | >= 3.0.0 < 3.3.0 | 3.3.0 |
| apple | iphone_os | < 4.3.0 | 4.3.0 |
| apple | itunes | < 10.2 | 10.2 |
| apple | mac_os_x | < 10.6.7 | 10.6.7 |
| apple | safari | < 5.0.4 | 5.0.4 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.7.8.dfsg-2 (bookworm) | libxml2 2.7.8.dfsg-2 (bookworm) |
| fedoraproject | fedora | — | — |
| chrome | < 8.0.552.215 | 8.0.552.215 | |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | suse_linux_enterprise_server | — | — |
| xmlsoft | libxml2 | <= 2.7.8 | — |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-2 | 2.7.8.dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-2 | 2.7.8.dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-2 | 2.7.8.dfsg-2 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-2 | 2.7.8.dfsg-2 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH