Unrated severity · NVD Advisory · Published Nov 17, 2010 · Updated Apr 29, 2026
CVE-2010-4008
Description
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Affected products (24)
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
References (32)
- code.google.com/p/chromium/issues/detail (nvd: Exploit, Issue Tracking, Patch, Vendor Advisory)
- googlechromereleases.blogspot.com/2010/11/stable-channel-update.html (nvd: Vendor Advisory)
- lists.apple.com/archives/security-announce/2010//Nov/msg00003.html (nvd: Mailing List, Third Party Advisory)
- lists.apple.com/archives/security-announce/2011//Mar/msg00004.html (nvd: Mailing List, Third Party Advisory)
- lists.apple.com/archives/security-announce/2011/Mar/msg00000.html (nvd: Mailing List, Third Party Advisory)
- lists.apple.com/archives/security-announce/2011/Mar/msg00006.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html (nvd: Mailing List, Third Party Advisory)
- mail.gnome.org/archives/xml/2010-November/msg00015.html (nvd: Mailing List, Release Notes, Vendor Advisory)
- marc.info (nvd: Third Party Advisory)
- marc.info (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2013-0217.html (nvd: Third Party Advisory)
- secunia.com/advisories/40775 (nvd: Third Party Advisory)
- secunia.com/advisories/42109 (nvd: Third Party Advisory, Vendor Advisory)
- secunia.com/advisories/42175 (nvd: Third Party Advisory, Vendor Advisory)
- secunia.com/advisories/42314 (nvd: Third Party Advisory)
- secunia.com/advisories/42429 (nvd: Third Party Advisory)
- support.apple.com/kb/HT4456 (nvd: Third Party Advisory)
- support.apple.com/kb/HT4554 (nvd: Third Party Advisory)
- support.apple.com/kb/HT4566 (nvd: Third Party Advisory)
- support.apple.com/kb/HT4581 (nvd: Third Party Advisory)
- www.debian.org/security/2010/dsa-2128 (nvd: Third Party Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2011-1749.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/44779 (nvd: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-1016-1 (nvd: Third Party Advisory)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148 (nvd: Third Party Advisory)
- blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/ (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/3046 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3076 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2010/3100 (nvd: Permissions Required)
- www.vupen.com/english/advisories/2011/0230 (nvd: Permissions Required)