CVE-2009-0945

2009-05-1300:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.4%

JSON

Array index error in the insertItemBefore method in WebKit, as used in
Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1,
iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before
1.0.154.65, and possibly other products allows remote attackers to execute
arbitrary code via a document with a SVGPathList data structure containing
a negative index in the (1) SVGTransformList, (2) SVGStringList, (3)
SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList
SVGList object, which triggers memory corruption.

Bugs

Notes

Author	Note
mdeslaur	PoC: http://bugs.gentoo.org/show_bug.cgi?id=271863

OSVersionArchitecturePackageVersionFilename
ubuntu9.04noarchkde4libs< 4:4.2.2-0ubuntu5.1UNKNOWN
ubuntu8.04noarchkdegraphics< 4:3.5.10-0ubuntu1~hardy1.1UNKNOWN
ubuntu8.10noarchqt4-x11< 4.4.3-0ubuntu1.4UNKNOWN
ubuntu9.04noarchqt4-x11< 4.5.0-0ubuntu4.3UNKNOWN
ubuntu8.10noarchwebkit< 1.0.1-2ubuntu0.2UNKNOWN
ubuntu9.04noarchwebkit< 1.0.1-4ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.04	noarch	kde4libs	< 4:4.2.2-0ubuntu5.1	UNKNOWN
ubuntu	8.04	noarch	kdegraphics	< 4:3.5.10-0ubuntu1~hardy1.1	UNKNOWN
ubuntu	8.10	noarch	qt4-x11	< 4.4.3-0ubuntu1.4	UNKNOWN
ubuntu	9.04	noarch	qt4-x11	< 4.5.0-0ubuntu4.3	UNKNOWN
ubuntu	8.10	noarch	webkit	< 1.0.1-2ubuntu0.2	UNKNOWN
ubuntu	9.04	noarch	webkit	< 1.0.1-4ubuntu0.1	UNKNOWN