CVE-2010-4494 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
google	chrome	𝑥 < 8.0.552.215
xmlsoft	libxml2	𝑥 ≤ 2.7.8
apple	itunes	𝑥 < 10.2
apple	safari	𝑥 < 5.0.4
apple	iphone_os	𝑥 < 4.3.0
apple	mac_os_x	𝑥 < 10.6.7
opensuse	opensuse	11.2
opensuse	opensuse	11.3
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.3
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
debian	debian_linux	5.0
debian	debian_linux	6.0
hp	insight_control_server_deployment	*
hp	rapid_deployment_pack	*
apache	openoffice	2.1.0 ≤ 𝑥 ≤ 2.4.3
apache	openoffice	3.0.0 ≤ 𝑥 < 3.3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml2

bullseye	2.9.10+dfsg-6.7+deb11u4 fixed
bullseye (security)	2.9.10+dfsg-6.7+deb11u5 fixed
bookworm	2.9.14+dfsg-1.3~deb12u1 fixed
sid	2.12.7+dfsg+really2.9.14-0.1 fixed
trixie	2.12.7+dfsg+really2.9.14-0.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

maverick	Fixed 8.0.552.215~r67652-0ubuntu0.10.10.1 released
lucid	Fixed 8.0.552.215~r67652-0ubuntu0.10.04.1 released
karmic	dne
hardy	dne
dapper	dne

Known Exploits!

Common Weakness Enumeration

CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

http://code.google.com/p/chromium/issues/detail?id=63444

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/42472

http://secunia.com/advisories/42721

http://secunia.com/advisories/42762

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.debian.org/security/2010/dsa-2137

http://www.mandriva.com/security/advisories?name=MDVSA-2010:260

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.vupen.com/english/advisories/2010/3319

http://www.vupen.com/english/advisories/2010/3336

http://www.vupen.com/english/advisories/2011/0230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

http://code.google.com/p/chromium/issues/detail?id=63444

http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/42472

http://secunia.com/advisories/42721

http://secunia.com/advisories/42762

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4564

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.debian.org/security/2010/dsa-2137

http://www.mandriva.com/security/advisories?name=MDVSA-2010:260

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.vupen.com/english/advisories/2010/3319

http://www.vupen.com/english/advisories/2010/3336

http://www.vupen.com/english/advisories/2011/0230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916