CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Potential Mitigations

References

• http://code.google.com/p/chromium/issues/detail?id=63444
• http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
• http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
• http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
• http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
• http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html
• http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
• http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2
• http://rhn.redhat.com/errata/RHSA-2013-0217.html
• http://secunia.com/advisories/40775
• http://secunia.com/advisories/42472
• http://secunia.com/advisories/42721
• http://secunia.com/advisories/42762
• http://support.apple.com/kb/HT4554
• http://support.apple.com/kb/HT4564
• http://support.apple.com/kb/HT4566
• http://support.apple.com/kb/HT4581
• http://www.debian.org/security/2010/dsa-2137
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:260
• http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
• http://www.redhat.com/support/errata/RHSA-2011-1749.html
• http://www.vupen.com/english/advisories/2010/3319
• http://www.vupen.com/english/advisories/2010/3336
• http://www.vupen.com/english/advisories/2011/0230
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916