Bug#532725: libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit
Luciano Bello
luciano at debian.org
Wed Jun 10 23:22:21 UTC 2009
Package: libwebkit-1.0-1
Version: 1.0.1-4+b1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libwebkit-1.0-1.
CVE-2009-0945[0]:
| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before
| 1.0.154.65, and possibly other products allows remote attackers to
| execute arbitrary code via a document with a SVGPathList data
| structure containing a negative index in the (1) SVGTransformList, (2)
| SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
| SVGPointList, or (6) SVGLengthList SVGList object, which triggers
| memory corruption.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
You could find a PoC in http://bugs.gentoo.org/271861 . The bug looks fixed in libwebkit-1.0-2.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://security-tracker.debian.net/tracker/CVE-2009-0945
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20090610/c0bfce86/attachment.pgp>
More information about the Pkg-webkit-maintainers
mailing list