CVE-2009-1709
Published: 10 June 2009
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
Notes
Author | Note |
---|---|
jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551 for kde4libs, code not present in hardy and intrepid and code already fixed in jaunty and karmic |
Priority
Status
Package | Release | Status |
---|---|---|
kde4libs Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(already fixed)
|
|
upstream |
Needs triage
|
|
kdegraphics Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(4:3.5.10-0ubuntu1~hardy1.1)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz vendor: http://release.debian.org/proposed-updates/stable_diffs/kdegraphics_3.5.9-3+lenny2.debdiff |
||
qt4-x11 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(no webkit)
|
hardy |
Not vulnerable
(no webkit)
|
|
intrepid |
Not vulnerable
(code not present)
|
|
jaunty |
Not vulnerable
(4.5.0-0ubuntu4.2)
|
|
upstream |
Needs triage
|
|
webkit Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(1.0.1-2ubuntu0.1)
|
|
jaunty |
Not vulnerable
(1.0.1-4)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://trac.webkit.org/changeset/32039 |