PT-2010-1060 · Xmlsoft+4 · Libxml2+4
Yang Dingning · Published 2010-12-07 · Updated 2024-06-15
CVE-2010-4494
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libxml2 versions 2.7.6 through 2.7.8
mingw32-libxml2 version 2.7.6
mingw32-libxml2-debuginfo version 2.7.6
mingw32-libxml2-static version 2.7.6
Google Chrome versions prior to 8.0.552.215
Description
The issue is related to multiple vulnerabilities in the libxml2 package, which can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A double free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
Recommendations
For libxml2 versions 2.7.6 through 2.7.8, update to a version later than 2.7.8 to resolve the issue.
For mingw32-libxml2, mingw32-libxml2-debuginfo, and mingw32-libxml2-static version 2.7.6, update to a version later than 2.7.6 to resolve the issue.
For Google Chrome versions prior to 8.0.552.215, update to version 8.0.552.215 or later to resolve the issue.
As a temporary workaround, consider restricting access to the XPath handling functionality until a patch is available.
Exploit · Fix · DoS · Buffer Overflow · Double Free
Affected Products
Centos
Google Chrome
Openoffice
Red Hat
Libxml2