CVE-2011-2821 — Double Free in Google Chrome

CWE-415 — Double Free CWE-672 — Operation on a Resource after Expiration or Release8 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Apple Iphone OS Apple MAC OS X +7 more

Timeline

PublishedAug 29

Latest updateMay 13

Description

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages8 packages

▶NVDgoogle/chrome< 13.0.782.215

▶debiandebian/libxml2< libxml2 2.7.8.dfsg-5 (bookworm)

▶Debianxmlsoft/libxml2< 2.7.8.dfsg-5+3

▶NVDapple/mac_os_x< 10.7.4

▶NVDapple/iphone_os< 6.0

Also affects: Debian Linux 5.0, 6.0, 7.0, Enterprise Linux 6.3

🔴Vulnerability Details

GHSA

GHSA-mx3h-88ww-4mqq: Double free vulnerability in libxml2, as used in Google Chrome before 13↗2022-05-13

▶

OSV

CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13↗2011-08-29

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2012-01-19

▶

Red Hat

libxml2: double free caused by malformed XPath expression in XSLT↗2011-08-22

▶

Debian

CVE-2011-2821: libxml2 - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.2...↗2011

▶

💬Community

Bugzilla

CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT↗2011-09-05

▶

Bugzilla

CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]↗2011-09-05

▶