libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
References
Link Providers
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ cve-icon cve-icon
http://code.google.com/p/chromium/issues/detail?id=58731 cve-icon cve-icon
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html cve-icon cve-icon
http://mail.gnome.org/archives/xml/2010-November/msg00015.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=130331363227777&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=139447903326211&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-0217.html cve-icon cve-icon
http://secunia.com/advisories/40775 cve-icon cve-icon
http://secunia.com/advisories/42109 cve-icon cve-icon
http://secunia.com/advisories/42175 cve-icon cve-icon
http://secunia.com/advisories/42314 cve-icon cve-icon
http://secunia.com/advisories/42429 cve-icon cve-icon
http://support.apple.com/kb/HT4456 cve-icon cve-icon
http://support.apple.com/kb/HT4554 cve-icon cve-icon
http://support.apple.com/kb/HT4566 cve-icon cve-icon
http://support.apple.com/kb/HT4581 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-2128 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243 cve-icon cve-icon
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-1749.html cve-icon cve-icon
http://www.securityfocus.com/bid/44779 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1016-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3046 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3076 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3100 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0230 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-4008 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-4008 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2010-11-16T23:00:00

Updated: 2024-08-07T03:26:12.386Z

Reserved: 2010-10-20T00:00:00

Link: CVE-2010-4008

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-11-17T01:00:02.963

Modified: 2024-11-21T01:20:03.587

Link: CVE-2010-4008

cve-icon Redhat

Severity : Low

Publid Date: 2010-11-04T00:00:00Z

Links: CVE-2010-4008 - Bugzilla