ubuntucve / Ubuntu.com / UB:CVE-2009-1709
History: Jun 10, 2009 - 12:00 a.m.

CVE-2009-1709

2009-06-10 00:00:00
ubuntu.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.062 Low
Percentile: 93.5%

Use-after-free vulnerability in the garbage-collection implementation in
WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to
execute arbitrary code or cause a denial of service (heap corruption and
application crash) via an SVG animation element, related to SVG set
objects, SVG marker elements, the targetElement attribute, and unspecified
“caches.”

Notes

Author: jdstrand
Note: webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit

Author: mdeslaur
Note: PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt
More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551
for kde4libs, code not present in hardy and intrepid and code already fixed in jaunty and karmic

Affected package

OS: ubuntu
Version: 8.04
Architecture: noarch
Package: kdegraphics
Version: < 4:3.5.10-0ubuntu1~hardy1.1
Filename: UNKNOWN
