Bug#532725: libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit

Luciano Bello luciano at debian.org
Wed Jun 10 23:22:21 UTC 2009

Package: libwebkit-1.0-1
Version: 1.0.1-4+b1
Severity: grave
Tags: security

The following CVE (Common Vulnerabilities & Exposures) id was
published for libwebkit-1.0-1.

| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before
|, and possibly other products allows remote attackers to
| execute arbitrary code via a document with a SVGPathList data
| structure containing a negative index in the (1) SVGTransformList, (2)
| SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
| SVGPointList, or (6) SVGLengthList SVGList object, which triggers
| memory corruption.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

You can find a PoC at http://bugs.gentoo.org/271861. The bug looks fixed in libwebkit-1.0-2.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
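
Added example, not part of the original report and not WebKit's code: a simplified C model of the bug class named in the CVE text, a list insert that receives a signed index. The names num_list, upper_clamp_only and insert_item_before (as a C function) are hypothetical, and rejecting a negative index with an error is a choice made for this sketch.

```c
#include <stddef.h>
#include <string.h>

#define LIST_CAP 8

/* Simplified stand-in for an SVG list object (constructed for this example). */
typedef struct {
    double items[LIST_CAP];
    size_t count;
} num_list;

enum { INS_OK = 0, INS_BAD_INDEX = -1, INS_FULL = -2 };

/* Flawed pattern: only the upper bound is clamped, so a negative index
 * survives and would later be used as an offset before items[0].
 * Returns the position it would use; it performs no memory access. */
long upper_clamp_only(long index, long count)
{
    return index > count ? count : index;
}

/* Hardened insert: validate the signed index before it becomes an offset. */
int insert_item_before(num_list *l, double item, long index)
{
    if (index < 0)
        return INS_BAD_INDEX;      /* reject; never cast a negative to size_t */
    if (l->count >= LIST_CAP)
        return INS_FULL;

    size_t pos = (size_t)index;    /* safe: index is known to be non-negative */
    if (pos > l->count)
        pos = l->count;            /* SVG DOM: index >= numberOfItems appends */

    /* Shift the tail up by one slot, then store the new item. */
    memmove(&l->items[pos + 1], &l->items[pos],
            (l->count - pos) * sizeof l->items[0]);
    l->items[pos] = item;
    l->count++;
    return INS_OK;
}
```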