CVE-2010-4008

Severity: medium
CVSS v3 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS Score: 0.8% (exploitation probability in 30 days; top 27% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: M
Confidentiality: None
Integrity: None
Availability: P

Published: November 17, 2010 (5658 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

CWE

CWE-119

Affected Products

google chrome, apple itunes, apple safari, apple iphone os, apple mac os x, xmlsoft libxml2, debian debian linux, canonical ubuntu linux, redhat enterprise linux desktop, redhat enterprise linux server

References