CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	8.0.552.215 (excluding)
Red Hat Enterprise Linux 6	RedHat	libxml2-0:2.7.6-4.el6	*
Red Hat Enterprise Linux 6	RedHat	mingw32-libxml2-0:2.7.6-6.el6_3	*
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	maverick	*
Chromium-browser	Ubuntu	upstream	*

Potential Mitigations

References

http://code.google.com/p/chromium/issues/detail?id=63444
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/40775
http://secunia.com/advisories/42472
http://secunia.com/advisories/42721
http://secunia.com/advisories/42762
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2137
http://www.mandriva.com/security/advisories?name=MDVSA-2010:260
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://www.vupen.com/english/advisories/2010/3319
http://www.vupen.com/english/advisories/2010/3336
http://www.vupen.com/english/advisories/2011/0230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916
http://code.google.com/p/chromium/issues/detail?id=63444
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/40775
http://secunia.com/advisories/42472
http://secunia.com/advisories/42721
http://secunia.com/advisories/42762
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4566
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2010/dsa-2137
http://www.mandriva.com/security/advisories?name=MDVSA-2010:260
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://www.vupen.com/english/advisories/2010/3319
http://www.vupen.com/english/advisories/2010/3336
http://www.vupen.com/english/advisories/2011/0230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-4494
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References