Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Related bugs and status

CVE-2010-4008 (Candidate) is related to these bugs:

Bug #882588: LibreOffice/Mozilla integration broken

Summary				In	Importance	Status
	882588	LibreOffice/Mozilla integration broken		libreoffice (Ubuntu)	Undecided	Fix Released
	882588	LibreOffice/Mozilla integration broken		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [xml] 20101104 Release...
MISC: http://blog.bkis.com/e...
CONFIRM: http://code.google.com...
CONFIRM: http://googlechromerel...
SECUNIA: 42109
SECUNIA: 42175
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-11-22-1
DEBIAN: DSA-2128
MANDRIVA: MDVSA-2010:243
BID: 44779
UBUNTU: USN-1016-1
SECUNIA: 42314
SECUNIA: 42429
VUPEN: ADV-2010-3046
VUPEN: ADV-2010-3076
VUPEN: ADV-2010-3100
SUSE: SUSE-SR:2010:023
CONFIRM: http://www.openoffice....
VUPEN: ADV-2011-0230
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-02-1
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-09-2
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-21-1
REDHAT: RHSA-2011:1749
REDHAT: RHSA-2013:0217
SECUNIA: 40775
HP: HPSBMA02662
HP: SSRT100409
HP: HPSBGN02970
OVAL: oval:org.mitre.oval:de...