CVE-2010-4008: Improper Restriction of Operations within the Bounds of a Memory Buffer

November 17, 2010 (updated June 4, 2020)

libxml2, as used in Google Chrome, Apple Safari, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

References

nvd.nist.gov/vuln/detail/CVE-2010-4008

Detect and mitigate CVE-2010-4008 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →