CVE-2010-4494

CWE-4158 documents7 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openoffice Apple Iphone OS Apple Itunes +12 more

Timeline

PublishedDec 7

Latest updateMay 13

Description

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages13 packages

▶NVDgoogle/chrome< 8.0.552.215

▶Debianlibxml2< 2.7.8.dfsg-2+3

▶NVDxmlsoft/libxml22.7.8

▶NVDapple/itunes< 10.2

▶NVDapple/safari< 5.0.4

Also affects: Debian Linux 5.0, 6.0, Fedora 14, Enterprise Linux 6.3

Patches

Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-3m5c-7hqx-55x7: Double free vulnerability in libxml2 2↗2022-05-13

▶

OSV

CVE-2010-4494: Double free vulnerability in libxml2 2↗2010-12-07

▶

CVEList

CVE-2010-4494: Double free vulnerability in libxml2 2↗2010-12-07

▶

📋Vendor Advisories

Red Hat

libxml2: double-free in XPath processing code↗2010-11-17

▶

Debian

CVE-2010-4494: libxml2 - Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google...↗2010

▶

💬Community

Bugzilla

CVE-2010-4494 libxml2: double-free in XPath processing code↗2010-12-28

▶

Bugzilla

CVE-2010-4494 libxml2: Memory corruption (double-free) in XPath processing code [fedora-all]↗2010-12-28

▶