CVE-2009-1709

Publication date 10 June 2009

Last updated 24 July 2024


Ubuntu priority

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Read the notes from the security team

Status

Package Ubuntu Release Status
kde4libs 9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release
kdegraphics 9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 4:3.5.10-0ubuntu1~hardy1.1
6.06 LTS dapper Ignored end of life
qt4-x11 9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected
webkit 9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release

Notes


jdstrand

webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit


mdeslaur

PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551 for kde4libs, code not present in hardy and intrepid and code already fixed in jaunty and karmic

References

Related Ubuntu Security Notices (USN)

    • USN-823-1
    • KDE-Graphics vulnerabilities
    • 24 August 2009

Other references