9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.037 Low
EPSS
Percentile
91.6%
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1,
iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in
kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do
not properly handle numeric character references, which allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted HTML document.
Author | Note |
---|---|
jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | PoC: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/eightdigithexentity.html?rev=44799&format=txt expected output: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/eightdigithexentity-expected.txt?rev=44799&format=txt direct link: http://trac.webkit.org/export/46476/trunk/LayoutTests/fast/parser/eightdigithexentity.html as per RH bug, in kde4libs, this is a rendering bug, not a security bug |