Bug#532725: libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit
luciano at debian.org
Wed Jun 10 23:22:21 UTC 2009
The following CVE (Common Vulnerabilities & Exposures) id was
published for libwebkit-1.0-1.
| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before
| 126.96.36.199, and possibly other products allows remote attackers to
| execute arbitrary code via a document with a SVGPathList data
| structure containing a negative index in the (1) SVGTransformList, (2)
| SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
| SVGPointList, or (6) SVGLengthList SVGList object, which triggers
| memory corruption.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
You could find a PoC in http://bugs.gentoo.org/271861 . The bug looks fixed in libwebkit-1.0-2.
For further information see:
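Added illustration, not part of the original message and not WebKit's code: the bug class the CVE text describes (a list insert that accepts a negative index), shown as a flawed signed bounds check beside a hardened `insertItemBefore`. `ItemList`, `flawedIndexCheck` and `demo` are hypothetical names, and the flawed check is an assumed example of how such an index error can arise; the clamp-to-append behaviour follows the SVG DOM definition of `insertItemBefore`.

```cpp
// Added illustration; ItemList is a hypothetical stand-in, not WebKit code.
#include <cstddef>
#include <string>
#include <vector>

class ItemList {
public:
    // Flawed validation pattern (assumed for illustration): a signed index is
    // compared only against the upper bound, so a negative value is accepted.
    bool flawedIndexCheck(long index) const {
        return index <= static_cast<long>(items_.size());
    }

    // Hardened validation: reject negative values before any conversion to
    // an unsigned position, then clamp so an oversized index appends.
    bool insertItemBefore(const std::string& item, long index) {
        if (index < 0)
            return false;                       // never reaches the buffer
        std::size_t pos = static_cast<std::size_t>(index);
        if (pos > items_.size())
            pos = items_.size();                // clamp: append at the end
        items_.insert(items_.begin() + static_cast<std::ptrdiff_t>(pos), item);
        return true;
    }

    std::size_t size() const { return items_.size(); }
    const std::string& at(std::size_t i) const { return items_.at(i); }

private:
    std::vector<std::string> items_;
};

// Constructed sample sequence: builds a list and returns its items joined,
// so the outcome of each call can be checked.
std::string demo() {
    ItemList list;
    list.insertItemBefore("b", 0);      // [b]
    list.insertItemBefore("a", 0);      // [a, b]
    list.insertItemBefore("c", 1000);   // clamped to the end: [a, b, c]
    list.insertItemBefore("x", -1);     // rejected, list unchanged
    std::string out;
    for (std::size_t i = 0; i < list.size(); ++i)
        out += list.at(i);
    return out;
}

int main() { return demo() == "abc" ? 0 : 1; }
```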