CVE-2010-4008

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.7.8 libxml2-dev (affected versions not specified) libxml2-doc (affected versions not specified) libxml2-utils (affected versions not specified) mingw32-libxml2-2.7.6 mingw32-libxml2-static-2.7.6 mingw32-libxml2-debuginfo-2.7.6

Description The issue is related to multiple vulnerabilities in the libxml2 library, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. The vulnerabilities are associated with reading from invalid memory locations during the processing of malformed XPath expressions, allowing context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. The vulnerabilities can also be related to the repeated release of memory, allowing a remote attacker to disrupt confidentiality, integrity, and availability of protected information.

Recommendations For libxml2 versions prior to 2.7.8, update to version 2.7.8 or later. For libxml2-dev, libxml2-doc, and libxml2-utils, there is no information about a newer version that contains a fix for this vulnerability. For mingw32-libxml2-2.7.6, mingw32-libxml2-static-2.7.6, and mingw32-libxml2-debuginfo-2.7.6, consider disabling the use of the libxml2 library until a patch is available. As a temporary workaround, consider restricting access to the vulnerable library to minimize the risk of exploitation.