2.5.6

DATE	CVE	VULNERABILITY TITLE	RISK
2010-12-07	CVE-2010-4494	Double Free vulnerability in Google Chrome Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. network low complexity google xmlsoft apple opensuse suse fedoraproject redhat debian hp apache CWE-415	7.5
2010-11-17	CVE-2010-4008	Buffer Errors vulnerability in Google Chrome libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. network xmlsoft apple google debian canonical redhat opensuse suse apache CWE-119	4.3
2008-08-27	CVE-2008-3281	XML Entity Expansion vulnerability in multiple products libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. network low complexity xmlsoft apple fedoraproject canonical debian redhat vmware CWE-776	6.5