Launchpad.net

CVE 2009-0945

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-05-12
APPLE: APPLE-SA-2009-05-12
APPLE: APPLE-SA-2009-05-12
CONFIRM: http://support.apple.c...
CERT: TA09-133A
SECTRACK: 1022207
SECUNIA: 35056
SECUNIA: 35074
VUPEN: ADV-2009-1297
VUPEN: ADV-2009-1298
MISC: http://www.zerodayinit...
CONFIRM: http://code.google.com...
CONFIRM: http://googlechromerel...
SECUNIA: 35095
VUPEN: ADV-2009-1321
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-06-17-1
VUPEN: ADV-2009-1621
REDHAT: RHSA-2009:1130
BID: 34924
SECUNIA: 35576
FEDORA: FEDORA-2009-6166
SECUNIA: 35805
FEDORA: FEDORA-2009-8039
FEDORA: FEDORA-2009-8049
SECUNIA: 36062
SECUNIA: 36461
UBUNTU: USN-822-1
DEBIAN: DSA-1950
SECUNIA: 37746
UBUNTU: USN-857-1
UBUNTU: USN-836-1
SECUNIA: 36790
SUSE: SUSE-SR:2011:002
SECUNIA: 43068
VUPEN: ADV-2011-0212
XF: safari-webkit-svglist-...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-823-1
BUGTRAQ: 20090519 ZDI-09-022: A...

Launchpad.net

CVE 2009-0945

Related bugs

References