CVE-2010-4494

2010-12-0721:00:00

CWE-415

[email protected]

web.nvd.nist.gov

cve-2010-4494

double free

libxml2

denial of service

remote attackers

xpath handling

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.4%

JSON

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CPENameOperatorVersion
google:chromegoogle chromelt8.0.552.215
xmlsoft:libxml2xmlsoft libxml2le2.7.8
apple:mac_os_xapple mac os xlt10.6.7
apple:itunesapple ituneslt10.2
apple:safariapple safarilt5.0.4
apple:iphone_osapple iphone oslt4.3.0
opensuse:opensuseopensuseeq11.2
opensuse:opensuseopensuseeq11.3
suse:suse_linux_enterprise_serversuse suse linux enterprise servereq11
fedoraproject:fedorafedoraproject fedoraeq14

CPE	Name	Operator	Version
google:chrome	google chrome	lt	8.0.552.215
xmlsoft:libxml2	xmlsoft libxml2	le	2.7.8
apple:mac_os_x	apple mac os x	lt	10.6.7
apple:itunes	apple itunes	lt	10.2
apple:safari	apple safari	lt	5.0.4
apple:iphone_os	apple iphone os	lt	4.3.0
opensuse:opensuse	opensuse	eq	11.2
opensuse:opensuse	opensuse	eq	11.3
suse:suse_linux_enterprise_server	suse suse linux enterprise server	eq	11
fedoraproject:fedora	fedoraproject fedora	eq	14