CVE-2009-0945

HIGH

Description

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

ID	Name	Product	Family	Severity
75629	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
65118	Ubuntu 8.04 LTS : kdegraphics vulnerabilities (USN-823-1)	Nessus	Ubuntu Local Security Checks	high
60604	Scientific Linux Security Update : kdegraphics on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
53764	openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)	Nessus	SuSE Local Security Checks	critical
53665	openSUSE Security Update : kdegraphics3 (openSUSE-SU-2010:1035-1)	Nessus	SuSE Local Security Checks	high
51113	SuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235)	Nessus	SuSE Local Security Checks	high
48170	Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)	Nessus	Mandriva Local Security Checks	high
44852	Debian DSA-1988-1 : qt4-x11 - several vulnerabilities	Nessus	Debian Local Security Checks	high
44815	Debian DSA-1950-1 : webkit - several vulnerabilities	Nessus	Debian Local Security Checks	high
44731	Debian DSA-1866-1 : kdegraphics - several vulnerabilities	Nessus	Debian Local Security Checks	high
43764	CentOS 5 : kdegraphics (CESA-2009:1130)	Nessus	CentOS Local Security Checks	high
42467	Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)	Nessus	Ubuntu Local Security Checks	high
41606	Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)	Nessus	Ubuntu Local Security Checks	high
40767	Ubuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerabilities (USN-822-1)	Nessus	Ubuntu Local Security Checks	high
40414	Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)	Nessus	Fedora Local Security Checks	high
40412	Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)	Nessus	Fedora Local Security Checks	high
39771	Fedora 11 : webkitgtk-1.1.8-1.fc11 (2009-6166)	Nessus	Fedora Local Security Checks	high
39531	RHEL 5 : kdegraphics (RHSA-2009:1130)	Nessus	Red Hat Local Security Checks	high
38791	Google Chrome < 1.0.154.65 WebKit SVGList Object Handling Memory Corruption	Nessus	Windows	medium
38745	Safari < 3.2.3 Multiple Vulnerabilities	Nessus	Windows	high
38744	Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
5026	Google Chrome < 1.0.154.65 Remote Code Execution	Nessus Network Monitor	Web Clients	medium
5024	Safari < 3.2.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
5023	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
800998	Safari < 3.2.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800894	Google Chrome < 1.0.154.65 Remote Code Execution	Log Correlation Engine	Web Clients	high
800792	Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	high

CVE-2009-0945

Description

References

Details

Risk Information

CVSS v2.0