PublicDateAtUSN: 2009-05-13
Candidate: CVE-2009-0945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://www.zerodayinitiative.com/advisories/ZDI-09-022/
https://usn.ubuntu.com/usn/usn-823-1
https://usn.ubuntu.com/usn/usn-822-1
https://usn.ubuntu.com/usn/usn-836-1
https://usn.ubuntu.com/usn/usn-857-1
Array index error in the insertItemBefore method in WebKit, as used in
Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1,
iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before
1.0.154.65, and possibly other products allows remote attackers to execute
arbitrary code via a document with a SVGPathList data structure containing
a negative index in the (1) SVGTransformList, (2) SVGStringList, (3)
SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList
SVGList object, which triggers memory corruption.
mdeslaur> PoC: http://bugs.gentoo.org/show_bug.cgi?id=271863
https://bugs.webkit.org/show_bug.cgi?id=24730 (restricted!)
http://bugs.gentoo.org/show_bug.cgi?id=271863
https://bugzilla.redhat.com/show_bug.cgi?id=506703
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532724
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532725
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534917
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534918
upstream: http://trac.webkit.org/changeset/43590
upstream: http://trac.webkit.org/changeset/43795 (revised)
upstream_webkit: needs-triage
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: released (1.0.1-2ubuntu0.2)
jaunty_webkit: released (1.0.1-4ubuntu0.1)
karmic_webkit: not-affected (1.1.12-1ubuntu1)
lucid_webkit: not-affected (1.1.12-1ubuntu1)
maverick_webkit: not-affected (1.1.12-1ubuntu1)
natty_webkit: not-affected (1.1.12-1ubuntu1)
devel_webkit: not-affected (1.1.12-1ubuntu1)
upstream: http://websvn.kde.org/?view=rev&revision=983306 (incorrectly marked as CVE-2009-1709)
vendor: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz
vendor: http://release.debian.org/proposed-updates/stable_diffs/kdegraphics_3.5.9-3+lenny2.debdiff
upstream_kdegraphics: needs-triage
dapper_kdegraphics: ignored (reached end-of-life)
hardy_kdegraphics: released (4:3.5.10-0ubuntu1~hardy1.1)
intrepid_kdegraphics: not-affected (code not present)
jaunty_kdegraphics: not-affected (code not present)
karmic_kdegraphics: not-affected (code not present)
lucid_kdegraphics: not-affected (code not present)
maverick_kdegraphics: not-affected (code not present)
natty_kdegraphics: not-affected (code not present)
devel_kdegraphics: not-affected (code not present)
upstream_kdelibs: not-affected (code not present)
dapper_kdelibs: not-affected (code not present)
hardy_kdelibs: not-affected (code not present)
intrepid_kdelibs: not-affected (code not present)
jaunty_kdelibs: not-affected (code not present)
karmic_kdelibs: not-affected (code not present)
lucid_kdelibs: not-affected (code not present)
maverick_kdelibs: not-affected (code not present)
natty_kdelibs: not-affected (code not present)
devel_kdelibs: not-affected (code not present)
upstream: http://websvn.kde.org/?view=rev&revision=983302
upstream_kde4libs: needs-triage
hardy_kde4libs: not-affected (code not present)
intrepid_kde4libs: not-affected (code not present)
jaunty_kde4libs: released (4:4.2.2-0ubuntu5.1)
karmic_kde4libs: not-affected (4:4.3.0-0ubuntu6)
lucid_kde4libs: not-affected (4:4.3.0-0ubuntu6)
maverick_kde4libs: not-affected (4:4.3.0-0ubuntu6)
natty_kde4libs: not-affected (4:4.3.0-0ubuntu6)
devel_kde4libs: not-affected (4:4.3.0-0ubuntu6)
upstream: http://websvn.kde.org/?view=rev&revision=983302
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: released (4.4.3-0ubuntu1.4)
jaunty_qt4-x11: released (4.5.0-0ubuntu4.3)
karmic_qt4-x11: not-affected (4.5.2-0ubuntu5)
lucid_qt4-x11: not-affected (4.5.2-0ubuntu5)
maverick_qt4-x11: not-affected (4.5.2-0ubuntu5)
natty_qt4-x11: not-affected (4.5.2-0ubuntu5)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)