Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1798

rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document.

Related bugs and status

CVE-2011-1798 (Candidate) is related to these bugs:

Bug #778822: 11.0.696.57 -> 11.0.696.65

		In	Importance	Status
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Lucid)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Maverick)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Natty)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Oneiric)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://crbug.com/79595
CONFIRM: http://launchpad.net/b...
CONFIRM: http://trac.webkit.org...