9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.062 Low
EPSS
Percentile
93.5%
Use-after-free vulnerability in the garbage-collection implementation in
WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to
execute arbitrary code or cause a denial of service (heap corruption and
application crash) via an SVG animation element, related to SVG set
objects, SVG marker elements, the targetElement attribute, and unspecified
“caches.”
Author | Note |
---|---|
jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551 for kde4libs, code not present in hardy and intrepid and code already fixed in jaunty and karmic |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | kdegraphics | < 4:3.5.10-0ubuntu1~hardy1.1 | UNKNOWN |